Litcius/Paper detail

An Android Malware Detection Method Using Frequent Graph Convolutional Neural Networks

Yulong Zhao, Shi Guo Sun, Xiaofeng Huang, Jixin Zhang

2025Electronics9 citationsDOIOpen Access PDF

Abstract

As Android holds a commanding position in the smartphone operating system market, the proliferation of malicious applications on this platform has also escalated rapidly. This surge in diverse malware variants has compelled researchers to explore innovative techniques leveraging machine learning. Given the significance of static analysis in network security, and the proven effectiveness of Dalvik opcode as a precise representation of malware, many studies have adopted the use of Dalvik opcode in conjunction with machine learning algorithms to detect Android malware. Currently, a considerable number of opcode-based approaches are being developed to extract semantic information from opcode sequences. Nonetheless, these approaches encounter considerable challenges in terms of achieving precision. Despite the integration of additional semantic features, they do not succeed in enhancing precision and often result in longer computation times. Furthermore, the extensive length of opcode sequences poses a significant obstacle in the analysis of their underlying semantics. When confronted with these challenges, delving into alternative characteristics could hold the potential to overcome the prevailing predicament, thereby enhancing our comprehension of malwares’ operational mechanisms. Considering the rich informational content embedded within opcode dependencies, despite the scarcity of research in this domain, we intend to prioritize our focus on these dependencies. By constructing opcode graphs, we aim to gain deeper insights into the topological properties of these dependencies, thereby facilitating a more comprehensive analysis. This paper presents an innovative Android malware detection method. The core process of this method includes building a Dalvik opcode graph, extracting frequent subgraphs, and embedding subgraphs using graph convolutional neural networks to extract topological features and train classification models. This model aims to accurately distinguish between malicious Android applications and legitimate applications. Based on the above method, we have successfully developed a lightweight prototype for Android malware variant detection. Through theoretical analysis and practical experimental verification, the prototype demonstrates excellent effectiveness, efficiency, and stability. Specifically, its detection accuracy is nearly 95%, and the time cost for a single detection does not exceed 0.1 s.

Topics & Concepts

Android malwareMalwareConvolutional neural networkComputer scienceAndroid (operating system)Artificial intelligenceAndroid applicationGraphMachine learningData miningPattern recognition (psychology)Embedded systemOperating systemTheoretical computer scienceAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionMobile and Web Applications