Explainable Android Malware Detection and Malicious Code Localization Using Graph Attention

• URL: http://arxiv.org/abs/2503.07109v1
• Date: Mon, 10 Mar 2025 09:33:37 GMT
• Title: Explainable Android Malware Detection and Malicious Code Localization Using Graph Attention
• Authors: Merve Cigdem Ipek, Sevil Sen,
• Abstract summary: XAIDroid is a novel approach to automatically locating malicious code snippets within malware.<n>By representing code as API call graphs, XAIDroid captures semantic context and enhances resilience against obfuscation.<n> Evaluation on synthetic and real-world malware datasets demonstrates the efficacy of our approach, achieving high recall and F1-score rates for malicious code localization.
• Score: 1.2277343096128712
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: With the escalating threat of malware, particularly on mobile devices, the demand for effective analysis methods has never been higher. While existing security solutions, including AI-based approaches, offer promise, their lack of transparency constraints the understanding of detected threats. Manual analysis remains time-consuming and reliant on scarce expertise. To address these challenges, we propose a novel approach called XAIDroid that leverages graph neural networks (GNNs) and graph attention mechanisms for automatically locating malicious code snippets within malware. By representing code as API call graphs, XAIDroid captures semantic context and enhances resilience against obfuscation. Utilizing the Graph Attention Model (GAM) and Graph Attention Network (GAT), we assign importance scores to API nodes, facilitating focused attention on critical information for malicious code localization. Evaluation on synthetic and real-world malware datasets demonstrates the efficacy of our approach, achieving high recall and F1-score rates for malicious code localization. The successful implementation of automatic malicious code localization enhances the scalability, interpretability, and reliability of malware analysis.

Related papers

• Enhancing Software Vulnerability Detection Using Code Property Graphs and Convolutional Neural Networks [0.0]
  This paper proposes a novel approach to detecting software vulnerabilities using a combination of code property graphs and machine learning techniques. We introduce various neural network models, including convolutional neural networks adapted for graph data, to process these representations. Our contributions include a methodology for transforming software code into code property graphs, the implementation of a convolutional neural network model for graph data, and the creation of a comprehensive dataset for training and evaluation.
  arXiv  Detail & Related papers  (2025-03-23T19:12:07Z)
• MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2024-09-29T07:22:47Z)
• HGAttack: Transferable Heterogeneous Graph Adversarial Attack [63.35560741500611]
  Heterogeneous Graph Neural Networks (HGNNs) are increasingly recognized for their performance in areas like the web and e-commerce. This paper introduces HGAttack, the first dedicated gray box evasion attack method for heterogeneous graphs.
  arXiv  Detail & Related papers  (2024-01-18T12:47:13Z)
• Discovering Malicious Signatures in Software from Structural Interactions [7.06449725392051]
  We propose a novel malware detection approach that leverages deep learning, mathematical techniques, and network science. Our approach focuses on static and dynamic analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile applications within a complex network. Our approach marks a substantial improvement in malware detection, providing a notably more accurate and efficient solution.
  arXiv  Detail & Related papers  (2023-12-19T23:42:20Z)
• A Survey on Malware Detection with Graph Representation Learning [0.0]
  Malware detection has become a major concern due to the increasing number and complexity of malware. In recent years, Machine Learning (ML) and notably Deep Learning (DL) achieved impressive results in malware detection by learning useful representations from data. This paper provides an in-depth literature review to summarize and unify existing works under the common approaches and architectures.
  arXiv  Detail & Related papers  (2023-03-28T14:27:08Z)
• VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements [62.93814803258067]
  This paper presents VELVET, a novel ensemble learning approach to locate vulnerable statements in source code. Our model combines graph-based and sequence-based neural networks to successfully capture the local and global context of a program graph. VELVET achieves 99.6% and 43.6% top-1 accuracy over synthetic data and real-world data, respectively.
  arXiv  Detail & Related papers  (2021-12-20T22:45:27Z)
• Software Vulnerability Detection via Deep Learning over Disaggregated Code Graph Representation [57.92972327649165]
  This work explores a deep learning approach to automatically learn the insecure patterns from code corpora. Because code naturally admits graph structures with parsing, we develop a novel graph neural network (GNN) to exploit both the semantic context and structural regularity of a program.
  arXiv  Detail & Related papers  (2021-09-07T21:24:36Z)
• Information Obfuscation of Graph Neural Networks [96.8421624921384]
  We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data. We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
  arXiv  Detail & Related papers  (2020-09-28T17:55:04Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)
• MALOnt: An Ontology for Malware Threat Intelligence [19.57441168490977]
  Malware threat intelligence uncovers deep information about malware, threat actors, and their tactics. MALOnt allows structured extraction of information and knowledge graph generation.
  arXiv  Detail & Related papers  (2020-06-20T00:25:07Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.