SFCGDroid: android malware detection based on sensitive function call graph

  • Regular Contribution
International Journal of Information Security

Abstract

Android is now one of the most popular operating systems in the world because of its open-source character, so the threshold for hackers to make malware has also become lower, and more and more malware has started to threaten people’s lives. Graphs are used to represent a program’s syntactic and semantic structure and can naturally represent malicious behavior, so we propose a malware detection method named SFCGDroid, which is based on the sensitive function call graph. We first decompile the Android application to generate a function call graph (FCG) and extract the sensitive function call graph (SFCG) from the FCG. Secondly, we extract two classes of features: (1) we use the Skip-gram model to obtain function embeddings, and (2) we treat the SFCG as a social network and extract the triad attributes of the sensitive APIs. The two types of features are combined as a feature representation of the SFCG and fed into a graph convolutional network (GCN) for malware detection. In experiments on a dataset of 26,939 Android software samples, SFCGDroid achieves 98.22% accuracy and a 98.20% F1 score.
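The following sketch is an added example, not code from the paper or its authors; it illustrates the FCG-to-SFCG step and a per-API triad feature of the kind the abstract describes. The call edges, the sensitive-API set, the hop-based extraction rule and the use of the MAN signature (mutual, asymmetric, null dyad counts, a coarse form of the triad census) are all assumptions, since the abstract does not specify them.

```python
from collections import Counter, defaultdict, deque
from itertools import combinations

# Constructed caller -> callee edges standing in for a decompiled app's FCG.
FCG = [
    ("Main.onCreate", "Util.init"), ("Util.init", "Util.log"),
    ("Main.onCreate", "Net.upload"), ("Net.upload", "Main.onCreate"),
    ("Net.upload", "TelephonyManager.getDeviceId"),
    ("Net.upload", "URL.openConnection"),
    ("Main.onCreate", "Sms.send"), ("Sms.send", "SmsManager.sendTextMessage"),
    ("Ui.draw", "Ui.paint"), ("Util.log", "Log.d"),
]
# Assumed sensitive-API set; the paper's own list is not given on this page.
SENSITIVE = {"TelephonyManager.getDeviceId", "SmsManager.sendTextMessage"}

def extract_sfcg(edges, sensitive, hops=2):
    """Assumed rule: keep edges whose endpoints are both within `hops`
    calls (in either direction) of some sensitive API."""
    nbrs = defaultdict(set)
    for u, v in edges:
        nbrs[u].add(v)
        nbrs[v].add(u)
    dist = {s: 0 for s in sensitive if s in nbrs}
    queue = deque(dist)
    while queue:  # multi-source breadth-first search from the sensitive APIs
        n = queue.popleft()
        if dist[n] < hops:
            for m in nbrs[n]:
                if m not in dist:
                    dist[m] = dist[n] + 1
                    queue.append(m)
    return [(u, v) for u, v in edges if u in dist and v in dist]

def triad_profile(edges, node):
    """Count the triads containing `node` by MAN signature: the number of
    mutual, asymmetric and null dyads among the three nodes."""
    eset = set(edges)
    others = sorted({n for e in edges for n in e} - {node})
    profile = Counter()
    for a, b in combinations(others, 2):
        mutual = asym = 0
        for x, y in ((node, a), (node, b), (a, b)):
            fwd, back = (x, y) in eset, (y, x) in eset
            mutual += fwd and back
            asym += fwd != back
        profile[f"{mutual}{asym}{3 - mutual - asym}"] += 1
    return profile

sfcg = extract_sfcg(FCG, SENSITIVE)
profile = triad_profile(sfcg, "TelephonyManager.getDeviceId")
```

In a pipeline like the one described, a per-node vector such as `profile` would be concatenated with that node's Skip-gram embedding before the graph is passed to the GCN.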

Data Availability

The datasets analysed during the current study are available from the corresponding author on reasonable request.

Acknowledgements

We would like to thank anonymous reviewers for their comments. This work was supported by Autonomous Region Key R&D Project (2021B01002), the Key Program of National Natural Science Foundation of China (U2003208), Major science and technology projects in the autonomous region (2020A03004-4).

Author information

Corresponding author

Correspondence to Shengwei Tian.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Shi, S., Tian, S., Wang, B. et al. SFCGDroid: android malware detection based on sensitive function call graph. Int. J. Inf. Secur. 22, 1115–1124 (2023). https://doi.org/10.1007/s10207-023-00679-x

  • DOI: https://doi.org/10.1007/s10207-023-00679-x
