Related papers: VOLTRON: Detecting Unknown Malware Using Graph-Based Zero-Shot Learning

VOLTRON: Detecting Unknown Malware Using Graph-Based Zero-Shot Learning

URL: http://arxiv.org/abs/2507.04275v1
Date: Sun, 06 Jul 2025 07:25:25 GMT
Title: VOLTRON: Detecting Unknown Malware Using Graph-Based Zero-Shot Learning
Authors: M. Tahir Akdeniz, Zeynep Yeşilkaya, İ. Enes Köse, İ. Ulaş Ünal, Sevil Şen,
Abstract summary: The persistent threat of Android malware presents a serious challenge to the security of millions of users globally.<n>We introduce a novel zero-shot learning framework that combines Variational Graph Auto-Encoders (VGAE) with Siamese Neural Networks (SNN) to identify malware without needing prior examples of specific malware families.<n>Our model achieves 96.24% accuracy and 95.20% recall for unknown malware families, highlighting its robustness against evolving Android threats.
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: The persistent threat of Android malware presents a serious challenge to the security of millions of users globally. While many machine learning-based methods have been developed to detect these threats, their reliance on large labeled datasets limits their effectiveness against emerging, previously unseen malware families, for which labeled data is scarce or nonexistent. To address this challenge, we introduce a novel zero-shot learning framework that combines Variational Graph Auto-Encoders (VGAE) with Siamese Neural Networks (SNN) to identify malware without needing prior examples of specific malware families. Our approach leverages graph-based representations of Android applications, enabling the model to detect subtle structural differences between benign and malicious software, even in the absence of labeled data for new threats. Experimental results show that our method outperforms the state-of-the-art MaMaDroid, especially in zero-day malware detection. Our model achieves 96.24% accuracy and 95.20% recall for unknown malware families, highlighting its robustness against evolving Android threats.

Related papers

Addressing malware family concept drift with triplet autoencoder [2.416907802598482]
Concept drift can occur in two forms: the emergence of entirely new malware families and the evolution of existing ones.<n>This paper proposes an innovative method to address the former, focusing on effectively identifying new malware families.<n>Our results demonstrate a significant improvement in detecting new malware families, offering a reliable solution for ongoing cybersecurity challenges.
arXiv Detail & Related papers (2025-07-01T00:55:00Z)
MalVis: A Large-Scale Image-Based Framework and Dataset for Advancing Android Malware Classification [2.156165260537145]
MalVis is a unified visualization framework that integrates entropy and N-gram analysis to emphasize structural and anomalous patterns in malware bytecode.<n>We evaluate MalVis against state-of-the-art visualization techniques using leading CNN models.<n>MalVis achieves strong results: 95.19% accuracy, 90.81% F1-score, 92.58% precision, 89.10% recall, 87.58% MCC, and 98.06% ROC-AUC.
arXiv Detail & Related papers (2025-05-17T18:19:35Z)
Explainable Android Malware Detection and Malicious Code Localization Using Graph Attention [1.2277343096128712]
XAIDroid is a novel approach to automatically locating malicious code snippets within malware.<n>By representing code as API call graphs, XAIDroid captures semantic context and enhances resilience against obfuscation.<n> Evaluation on synthetic and real-world malware datasets demonstrates the efficacy of our approach, achieving high recall and F1-score rates for malicious code localization.
arXiv Detail & Related papers (2025-03-10T09:33:37Z)
MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z)
Do You Trust Your Model? Emerging Malware Threats in the Deep Learning Ecosystem [36.28578334243828]
We introduce MaleficNet 2.0, a technique to embed self-extracting, self-executing malware in neural networks.<n> MaleficNet 2.0 injection technique is stealthy, does not degrade the performance of the model, and is robust against removal techniques.<n>We implement a proof-of-concept self-extracting neural network malware using MaleficNet 2.0, demonstrating the practicality of the attack against a widely adopted machine learning framework.
arXiv Detail & Related papers (2024-03-06T10:27:08Z)
Catch'em all: Classification of Rare, Prominent, and Novel Malware Families [3.147175286021779]
Malware remains one of the most dangerous and costly cyber threats. As of last year, researchers reported 1.3 billion known malware specimens. These challenges include detection of novel malware and the ability to perform malware classification in the face of class imbalance.
arXiv Detail & Related papers (2024-03-04T23:46:19Z)
Unraveling the Key of Machine Learning Solutions for Android Malware Detection [33.63795751798441]
This paper presents a comprehensive investigation into machine learning-based Android malware detection. We first survey the literature, categorizing contributions into a taxonomy based on the Android feature engineering and ML modeling pipeline. Then, we design a general-propose framework for ML-based Android malware detection, re-implement 12 representative approaches from different research communities, and evaluate them from three primary dimensions, i.e. effectiveness, robustness, and efficiency.
arXiv Detail & Related papers (2024-02-05T12:31:19Z)
Semi-supervised Classification of Malware Families Under Extreme Class Imbalance via Hierarchical Non-Negative Matrix Factorization with Automatic Model Selection [34.7994627734601]
We propose a novel hierarchical semi-supervised algorithm, which can be used in the early stages of the malware family labeling process. With HNMFk, we exploit the hierarchical structure of the malware data together with a semi-supervised setup, which enables us to classify malware families under conditions of extreme class imbalance. Our solution can perform abstaining predictions, or rejection option, which yields promising results in the identification of novel malware families.
arXiv Detail & Related papers (2023-09-12T23:45:59Z)
DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
Towards a Fair Comparison and Realistic Design and Evaluation Framework of Android Malware Detectors [63.75363908696257]
We analyze 10 influential research works on Android malware detection using a common evaluation framework. We identify five factors that, if not taken into account when creating datasets and designing detectors, significantly affect the trained ML models. We conclude that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results.
arXiv Detail & Related papers (2022-05-25T08:28:08Z)
Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier. As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger. We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.