Proposal of Android Malware Detection Method Based on Component Graphs
摘要
Many malware detection methods have been developed for Android. One way is to detect Android malware by representing Android applications (hereinafter, “apps”) as a method call graph. However, there are cases where common libraries are included in the analysis target, and if these libraries are also included in the graph, the detection accuracy is affected and also graph size is unnecessarily large because they represent behaviors that do not occur in the original application. One way to deal with common libraries is to add them to a white list and exclude them from analysis, but since there are many common libraries, it is difficult to exclude all of them in practice. In this study, we define two types of component graphs, devise an algorithm for generating component graphs, and propose an Android malware detection method using component graphs in order to improve the detection rate of Android malware. To confirm whether component graphs are effective for malware detection, we used graph neural networks as a classification algorithm and conducted experiments to evaluate the accuracy of Android malware detection using component graphs and method call graphs. The results showed that our proposed method using component graphs, which are much smaller graphs than method call graphs, succeeded in detecting malware with 96.18% accuracy, which is comparable with that of method call graphs.