Hei, Y, Yang, R orcid.org/0000-0001-6334-4925, Peng, H et al. (6 more authors) (2024) Hawk: Rapid Android Malware Detection Through Heterogeneous Graph Attention Networks. IEEE Transactions on Neural Networks and Learning Systems, 35 (4). 4703-4717. ISSN 2162-2388
Abstract
Android faces unprecedented malicious threats daily, but existing methods for malware detection often fail to cope with evolving camouflage in malware. To address this issue, we present Hawk, a new malware detection framework for evolutionary Android applications. We model Android entities and behavioral relationships as a heterogeneous information network (HIN), exploiting its rich semantic meta-structures for specifying implicit higher order relationships. An incremental learning model is created to handle the applications that manifest dynamically, without the need for reconstructing the whole HIN and the subsequent embedding model. The model can rapidly pinpoint the proximity between a new application and existing in-sample applications and aggregate their numerical embeddings under various semantics. Our experiments examine more than 80,860 malicious and 100,375 benign applications developed over a period of seven years, showing that Hawk achieves the highest detection accuracy against baselines and takes only 3.5 ms on average to detect an out-of-sample application, with training time 50x faster than the existing approach.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
Keywords: | Android; graph representation learning; heterogeneous information network (HIN); malware detection |
Dates: |
|
Institution: | The University of Leeds |
Academic Units: | The University of Leeds > Faculty of Engineering & Physical Sciences (Leeds) > School of Computing (Leeds) |
Funding Information: | Funder: EPSRC (Engineering and Physical Sciences Research Council); Grant number: EP/T01461X/1 |
Depositing User: | Symplectic Publications |
Date Deposited: | 16 Aug 2021 09:25 |
Last Modified: | 22 May 2024 13:53 |
Status: | Published |
Publisher: | Institute of Electrical and Electronics Engineers |
Identification Number: | 10.1109/TNNLS.2021.3105617 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:177116 |