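Computer science
Malware
Word2vec
Android (operating system)
Android malware
Graph
Artificial intelligence
Call graph
Convolutional neural network
Machine learning
Feature learning
System call
Theoretical computer science
Computer security
Embedding
Programming language
Operating system
Authors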
Zhen Liu, Ruoyu Wang, Nathalie Japkowicz, Heitor Murilo Gomes, Bitao Peng, Wenbin Zhang
Identifier
DOI:10.1016/j.eswa.2023.121125
Abstract
Malware is still a challenging security problem in the Android ecosystem, as malware is often obfuscated to evade detection. In such cases, semantic behavior feature extraction is crucial for training a robust malware detection model. In this paper, we propose a novel Android malware detection method (named SeGDroid) that focuses on learning the semantic knowledge from sensitive function call graphs (FCGs). Specifically, we devise a graph pruning method to build a sensitive FCG on the basis of an original FCG. The method preserves the sensitive API (security-related API) call context and removes the irrelevant nodes of FCGs. We propose a node representation method based on word2vec and social-network-based centrality to extract attributes for graph nodes. Our representation aims at extracting the semantic knowledge of the function calls and the structure of graphs. Using this representation, we induce graph embeddings of the sensitive FCGs associated with node attributes using a graph convolutional neural network algorithm. To provide a model explanation, we further propose a method that calculates node importance. This creates a mechanism for understanding malicious behavior. The experimental results show that SeGDroid achieves an F-score of 98% in the case of malware detection on the CICMal2020 dataset and an F-score of 96% in the case of malware family classification on the MalRadar dataset. In addition, the provided model explanation is able to trace the malicious behavior of the Android malware.