{"title":"Graph Convolutional Networks for Android Malware Detection with System Call Graphs","authors":"Teenu S. John, Tony Thomas, S. Emmanuel","doi":"10.1109/ISEA-ISAP49340.2020.235015","DOIUrl":null,"url":null,"abstract":"Nowadays, Android malwares have risen precipitously causing critical security threats. Malware authors now employ a variety of obfuscation techniques to evade their detection. Among various features, system calls are one of the major features used for detecting malwares. Although obfuscated malwares use diverse methods to conceal their malicious nature, the dependencies between the system calls can reveal their malicious nature. The existing malware detection models do not take into account of these structural dependencies and have large feature dimensions. Modelling the system calls as graphs can help in capturing the structural dependencies between the system calls. Recently, there has been an increasing interest in extending deep learning models such as Graph Convolutional Nets (GCN) for graph data. Motivated by this, we propose a novel Android malware detection mechanism using GCN which uses centrality measures of the graph as input features. To the best of our knowledge this is the first application of GCN for dynamic Android malware detection. We achieved a four dimensional feature representation for Android applications and a detection accuracy of 92.30 % on datasets with obfuscated malwares.","PeriodicalId":235855,"journal":{"name":"2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISEA-ISAP49340.2020.235015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 30
Abstract
Android malware has risen precipitously in recent years, causing critical security threats. Malware authors now employ a variety of obfuscation techniques to evade detection. Among the various features available, system calls are one of the major features used for detecting malware. Although obfuscated malware uses diverse methods to conceal its malicious nature, the dependencies between system calls can reveal it. Existing malware detection models do not take these structural dependencies into account and have large feature dimensions. Modelling the system calls as graphs can help capture the structural dependencies between them. Recently, there has been increasing interest in extending deep learning models such as Graph Convolutional Nets (GCN) to graph data. Motivated by this, we propose a novel Android malware detection mechanism using GCN which uses centrality measures of the graph as input features. To the best of our knowledge, this is the first application of GCN to dynamic Android malware detection. We achieved a four-dimensional feature representation for Android applications and a detection accuracy of 92.30% on datasets with obfuscated malware.