Research area: Safety
Venue: International Journal of Information Security
Mitigating malware attacks on Android devices poses a significant challenge in cybersecurity, especially since malware continually advances with tactics aimed at circumventing traditional detection methods. Recently, researchers have proposed multiple techniques, notably utilizing deep learning models, to enhance the efficacy of malware detection and categorization. Graph Neural Networks (GNNs) have shown promise in the examination of malware behavior. This paper introduces PRAU-GIN, a novel method leveraging Graph Isomorphism Networks (GIN) to improve the identification and classification of Android malware through network traffic analysis. Specifically, we employ the Label Spreading algorithm to detect background flows and filter them from malware traffic samples. Subsequently, we represent the network traffic of each device as a traffic graph, augmenting node attributes with the graph structure. Finally, we propose a 2-layer GIN network architecture to categorize the constructed graphs for malware detection and classification. Experimental findings on the CIC-AndMal2017 dataset demonstrated 99.54% accuracy in malware category classification. Moreover, our method demonstrates exceptional efficacy in identifying 0-day malware, underscoring its applicability for real-world deployment.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Taiwan, Andorra |
| Site | Springer |