A malware detection model based on imbalanced heterogeneous graph embeddings.

Authors :
Li, Tun
Luo, Ya
Wan, Xin
Li, Qian
Liu, Qilie
Wang, Rong
Jia, Chaolong
Xiao, Yunpeng
Source :
Expert Systems with Applications. Jul2024, Vol. 246, pN.PAG-N.PAG. 1p.
Publication Year :
2024

Abstract

The proliferation of malware in recent years has posed a significant threat to the security of computers and mobile devices. Detecting malware, especially on the Android platform, has become a growing concern for researchers and the software industry. This paper proposes a new method for detecting Android malware based on unbalanced heterogeneous graph embedding. First of all, most malware datasets contain an imbalance of malicious and benign samples, since some types of malware are scarce and difficult to collect. As a result of this problem, the classification algorithm is unable to analyze the minority samples through sufficient data, resulting in poor downstream classifier performance. In light of the fact that adversarial generation networks possess the characteristic of completing data, an algorithm for generating graph structure data is presented, in which nodes are generated to simulate the distribution of minority nodes within a network topology. Then, considering that heterogeneous information networks have the characteristics of retaining rich node semantic features and mining implicit relationships, heterogeneous graphs are used to construct models for different types of entities (i.e. Apps, APIs, permissions, intents, etc.) and different meta-paths. Finally, a new method is introduced to alleviate the over-smoothing phenomenon of node information in the propagation of deep networks. In the deep GCN, we first sample the leader nodes of each layer node, and then add a residual connection and an identity map in order to determine the characteristics of the high-order leader. In this paper, a self-attention-based semantic fusion method is also applied to adaptively fuse embedded representations of software nodes under different meta-paths. The test results demonstrate that the proposed IHODroid model effectively detects malicious software.
In the DREBIN dataset, which consists of 123,453 Android applications and 5,560 malicious samples, the IHODroid model achieves an accuracy of 0.9360 and an F1 score of 0.9360, outperforming other state-of-the-art baseline methods.

• A new generative adversarial network model has been proposed for balancing data.
• Heterogeneous graphs are used for modeling malware detection.
• A new method is introduced to alleviate the over-smoothing phenomenon.

[ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
09574174
Volume :
246
Database :
Academic Search Index
Journal :
Expert Systems with Applications
Publication Type :
Academic Journal
Accession number :
176225952
Full Text :
https://doi.org/10.1016/j.eswa.2023.123109