Hawk: Rapid Android Malware Detection Through Heterogeneous Graph Attention Networks

Cited by: 36
Authors
Hei, Yiming [1]
Yang, Renyu [2]
Peng, Hao [1]
Wang, Lihong [3]
Xu, Xiaolin [3]
Liu, Jianwei [1]
Liu, Hong [4, 5]
Xu, Jie [2]
Sun, Lichao [6]
Affiliations
[1] Beihang Univ, Sch Cyber Sci & Technol, Beijing 100083, Peoples R China
[2] Univ Leeds, Sch Comp, Leeds LS2 9JT, W Yorkshire, England
[3] Coordinat Ctr China, Natl Comp Network Emergency Response Tech Team, Beijing 100029, Peoples R China
[4] East China Normal Univ, Sch Comp Sci & Software Engn, Shanghai 200241, Peoples R China
[5] Shanghai Trusted Ind Control Platform Co Ltd, Shanghai 200062, Peoples R China
[6] Lehigh Univ, Dept Comp Sci & Engn, Bethlehem, PA 18015 USA
Funding
Engineering and Physical Sciences Research Council (UK);
Keywords
Malware; Semantics; Feature extraction; Training; Numerical models; Data models; Predictive models; Android; graph representation learning; heterogeneous information network (HIN); malware detection;
DOI
10.1109/TNNLS.2021.3105617
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Android is undergoing unprecedented malicious threats daily, but the existing methods for malware detection often fail to cope with evolving camouflage in malware. To address this issue, we present Hawk, a new malware detection framework for evolutionary Android applications. We model Android entities and behavioral relationships as a heterogeneous information network (HIN), exploiting its rich semantic meta-structures for specifying implicit higher order relationships. An incremental learning model is created to handle the applications that manifest dynamically, without the need for reconstructing the whole HIN and the subsequent embedding model. The model can pinpoint rapidly the proximity between a new application and existing in-sample applications and aggregate their numerical embeddings under various semantics. Our experiments examine more than 80,860 malicious and 100,375 benign applications developed over a period of seven years, showing that Hawk achieves the highest detection accuracy against baselines and takes only 3.5 ms on average to detect an out-of-sample application, with the accelerated training time of 50x faster than the existing approach.
Pages: 4703-4717
Number of pages: 15
Related papers
50 in total
  • [1] Android malware detection method based on graph attention networks and deep fusion of multimodal features
    Chen, Shaojie
    Lang, Bo
    Liu, Hongyu
    Chen, Yikai
    Song, Yucai
    [J]. EXPERT SYSTEMS WITH APPLICATIONS, 2024, 237
  • [2] WHGDroid: Effective android malware detection based on weighted heterogeneous graph
    Huang, Lu
    Xue, Jingfeng
    Wang, Yong
    Liu, Zhenyan
    Chen, Junbao
    Kong, Zixiao
    [J]. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2023, 77
  • [3] GHGDroid: Global heterogeneous graph-based android malware detection
    Shen, Lina
    Fang, Mengqi
    Xu, Jian
    [J]. COMPUTERS & SECURITY, 2024, 141
  • [4] Heterogeneous Graph Matching Networks for Unknown Malware Detection
    Wang, Shen
    Chen, Zhengzhang
    Yu, Xiao
    Li, Ding
    Ni, Jingchao
    Tang, Lu-An
    Gui, Jiaping
    Li, Zhichun
    Chen, Haifeng
    Yu, Philip S.
    [J]. PROCEEDINGS OF THE TWENTY-EIGHTH INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE, 2019, : 3762 - 3770
  • [5] Android malware detection through generative adversarial networks
    Amin, Muhammad
    Shah, Babar
    Sharif, Aizaz
    Alit, Tamleek
    Kim, Ki-Il
    Anwar, Sajid
    [J]. TRANSACTIONS ON EMERGING TELECOMMUNICATIONS TECHNOLOGIES, 2022, 33 (02)
  • [6] Heterogeneous Temporal Graph Transformer: An Intelligent System for Evolving Android Malware Detection
    Fan, Yujie
    Ju, Mingxuan
    Hou, Shifu
    Ye, Yanfang
    Wan, Wenqiang
    Wang, Kui
    Mei, Yinming
    Xiong, Qi
    [J]. KDD '21: PROCEEDINGS OF THE 27TH ACM SIGKDD CONFERENCE ON KNOWLEDGE DISCOVERY & DATA MINING, 2021, : 2831 - 2839
  • [7] Heterogeneous Graph Matching Networks: Application to Unknown Malware Detection
    Wang, Shen
    Yu, Philip S.
    [J]. 2019 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2019, : 5401 - 5408
  • [8] HertDroid: Android Malware Detection Method with Influential Node Filter and Heterogeneous Graph Transformer
    Meng, Xinyi
    Li, Daofeng
    [J]. APPLIED SCIENCES-BASEL, 2024, 14 (08):
  • [9] Z2F: Heterogeneous graph-based Android malware detection
    Ma, Ziwei
    Luktarhan, Nurbor
    [J]. PLOS ONE, 2024, 19 (03):
  • [10] Research and implementation of Android malware detection algorithm based on Graph Convolutional Networks
    Wang, Yue
    Kezierbieke, Hailati
    Chen, Qinglin
    [J]. PROCEEDINGS OF INTERNATIONAL CONFERENCE ON ALGORITHMS, SOFTWARE ENGINEERING, AND NETWORK SECURITY, ASENS 2024, 2024, : 548 - 553