恶意软件
分类
Android恶意软件
计算机科学
Android(操作系统)
计算机安全
静态分析
控制流程图
图形
机器学习
操作系统
数据挖掘
程序设计语言
理论计算机科学
人工智能
作者
Mohammad Reza Norouzian,Peng Xu,Claudia Eckert,Apostolis Zarras
标识
DOI:10.1007/978-3-030-91356-4_14
摘要
Android malicious applications have become so sophisticated that they can bypass endpoint protection measures. Therefore, it is safe to admit that traditional anti-malware techniques have become cumbersome, thereby raising the need to develop efficient ways to detect Android malware. In this paper, we present Hybroid, a hybrid Android malware detection and categorization solution that utilizes program code structures as static behavioral features and network traffic as dynamic behavioral features for detection (binary classification) and categorization (multi-label classification). For static analysis, we introduce a natural-language-processing-inspired technique based on function call graph embeddings and design a graph-neural-network-based approach to convert the whole graph structure of an Android app to a vector. For dynamic analysis, we extract network flow features from the raw network traffic by capturing each application’s network flow. Finally, Hybroid utilizes the network flow features combined with the graphs’ vectors to detect and categorize the malware. Our solution demonstrates 97.0% accuracy on average for malware detection and 94.0% accuracy for malware categorization. Also, we report remarkable results in different performance metrics such as F1-score, precision, recall, and AUC.
科研通智能强力驱动
Strongly Powered by AbleSci AI