PLoS ONE (Jan 2024)

Z2F: Heterogeneous graph-based Android malware detection.

  • Ziwei Ma,
  • Nurbor Luktarhan

DOI
https://doi.org/10.1371/journal.pone.0300975
Journal volume & issue
Vol. 19, no. 3
p. e0300975

Abstract

Read online

Android malware is becoming more common, and its invasion of smart devices has brought immeasurable losses to people's lives. Most existing Android malware detection methods extract Android features from the original application files without considering the high-order hidden information behind them, but these hidden information can reflect malicious behaviors. To solve this problem, this paper proposes Z2F, a detection framework based on multidimensional Android feature extraction and graph neural networks for Android applications. Z2F first extracts seven types of Android features from the original Android application and then embeds them into a heterogeneous graph. On this basis, we design 12 kinds of meta-structures to analyze different semantic spaces of heterogeneous graphs, mine high-order hidden semantic information, and adopt a multi-layer graph attention mechanism to iteratively embed and update information. In this paper, a total of 14429 Android applications were detected and 1039726 Android features were extracted, with a detection accuracy of 99.7%.