Research And Implementation Of Heterogeneous Graph Embedding For Android Malware Detection

In the era of mobile internet,mobile applications(APPs)constitute the basic element of modern people's daily lives.With the vigorous development of the Android ecosystem,both the quantity and potential harm of malicious software(malware)are increasing rapidly.The malware detection system is one of the most important security infrastructures for protecting APP users' security and privacy.Many machine learning-based Android malware detection models are proposed in recent years.However,it is reported that those detection models tend to degradant when deployed to the real world.This paper holds the view that the fundamental reason for model degradation is the non-identity distribution of data.Two specific non-identity distribution scenarios are defined in this paper,namely the scenario of adversarial sample attack and the scenario of ecosystem evolution.We proposed a new detection model to solve the phenomenon of model degradation in each of the above scenarios.The main works of this paper are as follows:(1)This paper makes a full survey about model degradation caused by the adversarial attack and takes an in-depth analysis of existing adversarial example attack algorithms.This paper proposes an attributed heterogeneous graph-based Android malware detection model,called GraphDroid,which could enhance the model's robustness without sacrificing accuracy through substituting the representation paradigm from Euclidean(vector)to non-Euclidean(graph).(2)This paper makes a full survey about the model degradation caused by ecosystem evolution and takes the characteristics of data shift in the scenario of ecosystem evolution.This paper proposes an evolutionary graph-based Android malware detection model,named GraphEvolveDroid,which could effectively alleviate model degradation through suppressing data shift by graph modeling and transfer learning.(3)This paper has designed and implemented an Android malware detection system based on above proposed detection models.The detection system provides detection service and interactive analysis service.This paper makes a careful introduction about the developed detection system from multiple aspects including requirement analysis,outline design,and detailed design,and verifies the performance and functions of the system through black-box testing technology.