A Graph-Representation-Learning Framework for Supporting Android Malware Identification and Polymorphic Evolution

Abstract

Detecting Malware is an interesting research area, however, as the polymorphic nature of the latter makes it difficult to identify, particularly when using Hash-based detection methods. Unlike image-based strategies, in this research, a graph-based technique was used to extract control flow graphs from Android APK binaries. In order to handle the generated graph, we employ an approach that combines a novel graph representation learning method called Inferential SIR- GN for Graph representation, which retains graph structural similarities, with XGBoost, i.e., a typical Machine Learning model. The approach is then applied to MALNET, a publicly accessible cybersecurity database that contains the image and graph-based Android APK binary representations for a total of 1, 262, 024 million Android APK binary files with 47 kinds and 696 families. The experimental results indicate that our graph-based strategy outperforms the image-based approach in terms of detection accuracy.