Function Call Graph Score for Malware Detection

The openness of Android operating system not only brings convenience to users, but also leads to the attack threat from a large number of malicious applications (apps). Thus malware detection has become the research focus in the field of mobile security. In order to solve the problem of more coarse-grained feature selection and larger feature loss of graph structure existing in the current detection methods, we put forward a method named DGCNDroid for Android malware detection, which is based on the deep graph convolutional network. Our method starts by generating a function call graph for the decompiled Android application. Then the function call subgraph containing the sensitive application programming interface (API) is extracted. Finally, the function call subgraphs with structural features are trained as the input of the deep graph convolutional network. Thus the detection and classification of malicious apps can be realized. Through experimentation on a dataset containing 11,120 Android apps, the method proposed in this paper can achieve detection accuracy of 98.2%, which is higher than other existing detection methods.

Download Full-text

Using G Features to Improve the Efficiency of Function Call Graph Based Android Malware Detection

Wireless Personal Communications ◽

10.1007/s11277-018-5982-0 ◽

2018 ◽

Vol 103 (4) ◽

pp. 2947-2955 ◽

Cited By ~ 4

Author(s):

Yu Liu ◽

Liqiang Zhang ◽

Xiangdong Huang

Keyword(s):

Malware Detection ◽

Android Malware ◽

Call Graph ◽

Android Malware Detection ◽

Function Call

Download Full-text

Android Malware Detection using Function Call Graph with Graph Convolutional Networks

2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC) ◽

10.1109/icsccc51823.2021.9478141 ◽

2021 ◽

Author(s):

Vinayaka K V ◽

Jaidhar C D

Keyword(s):

Malware Detection ◽

Android Malware ◽

Call Graph ◽

Convolutional Networks ◽

Android Malware Detection ◽

Function Call

Download Full-text

IoT Malware Detection Using Function-Call-Graph Embedding

10.1109/pst52912.2021.9647806 ◽

2021 ◽

Author(s):

Chia-Yi Wu ◽

Tao Ban ◽

Shin-Ming Cheng ◽

Bo Sun ◽

Takeshi Takahashi

Keyword(s):

Malware Detection ◽

Graph Embedding ◽

Call Graph ◽

Function Call

Download Full-text

AFCGDroid: Deep Learning Based Android Malware Detection Using Attributed Function Call Graphs

Journal of Physics Conference Series ◽

10.1088/1742-6596/1693/1/012080 ◽

2020 ◽

Vol 1693 ◽

pp. 012080

Author(s):

Tong Lu ◽

Xiaoyuan Liu ◽

Jingwei Chen ◽

Naitian Hu ◽

Bo Liu

Keyword(s):

Deep Learning ◽

Malware Detection ◽

Android Malware ◽

Android Malware Detection ◽

Function Call ◽

Call Graphs

Download Full-text

A similarity metric method of obfuscated malware using function-call graph

Journal of Computer Virology and Hacking Techniques ◽

10.1007/s11416-012-0175-y ◽

2013 ◽

Vol 9 (1) ◽

pp. 35-47 ◽

Cited By ~ 26

Author(s):

Ming Xu ◽

Lingfei Wu ◽

Shuhui Qi ◽

Jian Xu ◽

Haiping Zhang ◽

...

Keyword(s):

Similarity Metric ◽

Call Graph ◽

Function Call

Download Full-text

Exploring Function Call Graph Vectorization and File Statistical Features in Malicious PE File Classification

IEEE Access ◽

10.1109/access.2020.2978335 ◽

2020 ◽

Vol 8 ◽

pp. 44652-44660

Author(s):

Yipin Zhang ◽

Xiaolin Chang ◽

Yuzhou Lin ◽

Jelena Misic ◽

Vojislav B. Misic

Keyword(s):

Statistical Features ◽

Call Graph ◽

Function Call

Download Full-text

Toward efficient and accurate function‐call graph matching of binary codes

Concurrency and Computation Practice and Experience ◽

10.1002/cpe.4871 ◽

2018 ◽

Vol 31 (21) ◽

Cited By ~ 1

Author(s):

DongXing Huang ◽

Yong Tang ◽

Yi Wang ◽

ShuNing Wei

Keyword(s):

Graph Matching ◽

Binary Codes ◽

Call Graph ◽

Function Call

Download Full-text

Malware Detection Based on Hybrid Signature Behaviour Application Programming Interface Call Graph

American Journal of Applied Sciences ◽

10.3844/ajassp.2012.283.288 ◽

2012 ◽

Vol 9 (3) ◽

pp. 283-288 ◽

Cited By ~ 34

Author(s):

Murat

Keyword(s):

Malware Detection ◽

Application Programming Interface ◽

Call Graph ◽

Application Programming ◽

Programming Interface

Download Full-text

A Malware and Variant Detection Method Using Function Call Graph Isomorphism

Security and Communication Networks ◽

10.1155/2019/1043794 ◽

2019 ◽

Vol 2019 ◽

pp. 1-12 ◽

Cited By ~ 1

Author(s):

Jinrong Bai ◽

Qibin Shi ◽

Shiguang Mu

Keyword(s):

Large Scale ◽

Detection Method ◽

Graph Isomorphism ◽

Experimental Results ◽

Call Graph ◽

Antivirus Software ◽

Function Call ◽

Variant Detection ◽

High Level ◽

High Level Abstraction

The huge influx of malware variants are generated using packing and obfuscating techniques. Current antivirus software use byte signature to identify known malware, and this method is easy to be deceived and generally ineffective for identifying malware variants. Antivirus experts use hash signature to verify if captured sample is one of the malware databases, and this method cannot recognize malware variants whose hash signatures have changed completely. Function call graph is a high-level abstraction representation of a program and more stable and resilient than byte or hash signature. In this paper, function call graph is used as signature of a program, and two kinds of graph isomorphism algorithms are employed to identify known malware and its variants. Four experiments are designed to evaluate the performance of the proposed method. Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants. The proposed method can also be used to index and locate a large-scale malware database and group malware to the corresponding family.

Download Full-text