dc.description.abstract | Among mobile phones, tablets and various Internet of Things(IoT)devices, the market share of the Android system maintains the first place. Compared with the iOS system, the Android system can install software more freely, and the APK file can be downloaded through the Internet. However, this convenience also brings a lot of risks. In order to cope with these risks, many methods for Android malware detection have been developed, such as static analysis, dynamic analysis, hybrid methods and network analysis, these methods can ensure that the APK installed by the user is safe and harmless. In the static analysis method, using of code (Source code) for analysis is a common method. In the code analysis, the function call graph (FCG) can be obtained through the APK file and code analysis tool. The calling relationship between functions is represented as a side. It is difficult to observe the usage times and frequency of a specific function by human. The entire graph constructed by the function can be used as an analysis to detect malware. However, if the names of these function calls are directly exposed, malicious people may take advantage, so removing the names of the function calls can prevent the leakage of these data. In addition, the FCG has tens of thousands of nodes, which are difficult to observe and identify through the human eye. Therefore, the method of using graph neural network can quickly and automatically classify the malware.
In order to solve the problem of featureless graph classification, this paper proposes the main mechanism: GNeP, based on the Graph Neural Network (GNN), which has developed rapidly in recent years, combined with the method of dealing with featureless graphs(Enhance Android Degree Profile,EADP)can solve the problem of non-feature graphs. For the problem of graph classfication, this paper uses Graph Isomorphic Network (GIN) as the model of GNN. GNeP has an accuracy rate of 93.12% in the classification of function call graph, which is better than the highest accuracy rate of 80.02% for Graph Convolution Network; the classification method proposed in this paper is not only suitable for Android malware detection but also for other graph classification problems. | en_US |