SFCGDroid: android malware detection based on sensitive function call graph.

Android is now one of the most popular operating systems in the world because of its open source character, so the threshold for hackers to make malware has also become lower, and more and more malware has started to threaten people's lives. Graphs are used to represent the program's syntactic and semantic structure, and can naturally represent malicious behavior, so we propose a malware detection method named SFCGDroid, which based on sensitive function call graph, so we propose a malware detection method named SFCGDroid, which based on sensitive function call graph. We first decompile the Android application to generate a function call graph (FCG), and extract the sensitive function call graph (SFCG) on the FCG. Secondly, we extract two class features (1) use the Skip-gram model to obtain function embeddings, and (2) treat the SFCG as a social network and extract the triads attribute of the sensitive API. The two types of features are combined as a feature representation of the SFCG and fed into a graph convolutional network (GCN) for malware detection. For experiments on 26,939 Android software datasets, SFCGDroid in this paper can achieve 98.22% accuracy and 98.20% F1 score. [ABSTRACT FROM AUTHOR]