An Android Malware Detection Method Based on Metapath Aggregated Graph Neural Network

Qingru Li, Yufei Zhang, Fangwei Wang, Changguang Wang

Published: 01 Jan 2024, Last Modified: 07 Nov 2025 | Crossref | CC BY-SA 4.0
Abstract: The Android system faces an increasing threat from malware. Most current malware detection systems need large-scale training samples to achieve high accuracy. However, it is difficult to obtain a large number of samples. To solve this problem, we propose MAAMD (Metapath Aggregated Android Malware Detection), which obtains more useful information from a limited number of samples. In our method, the two most critical information types, namely API and Permission, are extracted as nodes, and a heterogeneous graph is constructed together with the APP nodes. The embedding of APP nodes is completed through two modules, intra-metapath aggregation and inter-metapath aggregation, and the APP nodes are then classified by an SVM classifier. Each selected pathway is aggregated in the intra-metapath aggregation module, which aggregates the features of the intermediate node on the metapath and the features of the destination node itself. The aggregated metapath therefore carries more semantic information, which is helpful for malware detection. In the experiment, we achieved 99.68% accuracy using only 2,505 malicious APPs and 2,431 benign APPs. Compared with other methods that use large-scale training samples, MAAMD achieves higher accuracy with small-scale samples.