Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (23): 122-128.DOI: 10.3778/j.issn.1002-8331.2007-0206

• Network, Communication and Security • Previous Articles     Next Articles

Interpretable Automatic Detection of Android Malware Based on Graph Embedding

WANG Yulian, LU Mingming   

  1. School of Computer Science, Central South University, Changsha 410083, China
  • Online:2021-12-01 Published:2021-12-02



  1. 中南大学 计算机学院,长沙 410083


The geometric growth of Android malware has driven the development of Android malware detection. Some work analyzed Android malware from the perspective of interpretability, and obtained the characteristics of the greatest impact through analyzing the model, which provided certain interpretability for the deep learning model. These methods, based on the strong assumption that features are independent of each other, only consider the influence of features on the model, while in practice there is always coupling between features. Considering only the influence of a single feature on the model, it is difficult to reflect the coupling effect and cannot describe the combination pattern of sensitive API in different types of software. To solve this problem, Android software is depicted as a graph, and combining the structure information of the graph and the information inside the graph node, a method based on graph embedding is proposed to detect Android malware. This method learns the low dimensional dense embedded representation of Android software through the attention mechanism. Experimental results show that using the learned embedded representation for malware detection not only has a higher classification accuracy, but also can find the patterns affecting model decision-making and locate the sensitive API sequences involved in malicious behavior by analyzing the path with a large attention score.

Key words: Android malware, graph embedded learning, sensitive API sequence, attention mechanism



关键词: Android恶意软件, 图嵌入学习, 敏感API序列, 注意力机制