Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic

Mohammad Reza Norouzian*, Peng Xu, Claudia Eckert, Apostolis Zarras

*Corresponding author for this work

Research output: Chapter in Book/Conference proceedings/Edited volume, Conference contribution, Scientific, peer-review

Abstract

Android malicious applications have become so sophisticated that they can bypass endpoint protection measures. Therefore, it is safe to admit that traditional anti-malware techniques have become cumbersome, thereby raising the need to develop efficient ways to detect Android malware. In this paper, we present Hybroid, a hybrid Android malware detection and categorization solution that utilizes program code structures as static behavioral features and network traffic as dynamic behavioral features for detection (binary classification) and categorization (multi-label classification). For static analysis, we introduce a natural-language-processing-inspired technique based on function call graph embeddings and design a graph-neural-network-based approach to convert the whole graph structure of an Android app to a vector. For dynamic analysis, we extract network flow features from the raw network traffic by capturing each application’s network flow. Finally, Hybroid utilizes the network flow features combined with the graphs’ vectors to detect and categorize the malware. Our solution demonstrates 97.0% accuracy on average for malware detection and 94.0% accuracy for malware categorization. Also, we report remarkable results in different performance metrics such as F1-score, precision, recall, and AUC.

Original language: English
Title of host publication: Information Security - 24th International Conference, ISC 2021, Proceedings
Editors: Joseph K. Liu, Sokratis Katsikas, Weizhi Meng, Willy Susilo, Rolly Intan
Publisher: Springer
Pages: 259-278
Number of pages: 20
ISBN (Print): 978-3-03-09135-5-7
Publication status: Published - 2021
Event: 24th International Conference on Information Security, ISC 2021 - Virtual, Online
Duration: 10 Nov 2021 to 12 Nov 2021

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13118 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 24th International Conference on Information Security, ISC 2021
City: Virtual, Online
Period: 10/11/21 to 12/11/21
