TY - GEN
T1 - A Structural-Semantic Approach Integrating Graph-Based and Large Language Models Representation to Detect Android Malware
AU - Khan, Irshad
AU - Kwon, Young Woo
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2024.
PY - 2024
Y1 - 2024
N2 - The Android operating system’s dominance in the smartphone market cements its pivotal role in shaping contemporary connectivity and technological innovation, with application development increasing at an unprecedented rate. However, this rapid growth also presents challenges, as malicious actors exploit vulnerabilities to infiltrate systems with malware, posing substantial threats to individual users and organizations. Security experts continuously develop strategies and methods to address these challenges. However, the evolving nature of these attacks presents ongoing challenges to security measures aimed at detecting emerging malware. While deep learning methods offer promise by leveraging multi-level features for more adaptive malware detection, many existing approaches focus primarily on high-level features such as permissions and data flow, potentially limiting their long-term efficacy. To gain a deeper understanding of the nature of these attacks, it is crucial for existing approaches to pay more attention to the essential structural and semantic aspects of Android applications. We propose a multi-level technique utilizing graph-based representations to capture high-level structural information effectively. We extract detailed source-level information by integrating pre-trained large language models (LLMs), learning deeper syntax and semantic features. Combining both, we attribute the graph-based representation of Android applications with source-level features. Leveraging graph convolutional neural networks, we comprehensively process and analyze these graphs. Our proposed methods demonstrate superior results compared to existing and baseline approaches. This work offers an innovative approach to understanding malware at the high structural, low source, and semantic levels, enhancing cybersecurity defenses against evolving threats in the dynamic landscape of Android security.
AB - The Android operating system’s dominance in the smartphone market cements its pivotal role in shaping contemporary connectivity and technological innovation, with application development increasing at an unprecedented rate. However, this rapid growth also presents challenges, as malicious actors exploit vulnerabilities to infiltrate systems with malware, posing substantial threats to individual users and organizations. Security experts continuously develop strategies and methods to address these challenges. However, the evolving nature of these attacks presents ongoing challenges to security measures aimed at detecting emerging malware. While deep learning methods offer promise by leveraging multi-level features for more adaptive malware detection, many existing approaches focus primarily on high-level features such as permissions and data flow, potentially limiting their long-term efficacy. To gain a deeper understanding of the nature of these attacks, it is crucial for existing approaches to pay more attention to the essential structural and semantic aspects of Android applications. We propose a multi-level technique utilizing graph-based representations to capture high-level structural information effectively. We extract detailed source-level information by integrating pre-trained large language models (LLMs), learning deeper syntax and semantic features. Combining both, we attribute the graph-based representation of Android applications with source-level features. Leveraging graph convolutional neural networks, we comprehensively process and analyze these graphs. Our proposed methods demonstrate superior results compared to existing and baseline approaches. This work offers an innovative approach to understanding malware at the high structural, low source, and semantic levels, enhancing cybersecurity defenses against evolving threats in the dynamic landscape of Android security.
KW - Android malware
KW - Attributed graphs
KW - Graph attention network
KW - Graph classification
KW - LLM
UR - https://www.scopus.com/pages/publications/85200747240
U2 - 10.1007/978-3-031-65175-5_20
DO - 10.1007/978-3-031-65175-5_20
M3 - Conference contribution
AN - SCOPUS:85200747240
SN - 9783031651748
T3 - IFIP Advances in Information and Communication Technology
SP - 279
EP - 293
BT - ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings
A2 - Pitropakis, Nikolaos
A2 - Katsikas, Sokratis
A2 - Furnell, Steven
A2 - Markantonakis, Konstantinos
PB - Springer Science and Business Media Deutschland GmbH
T2 - 39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024
Y2 - 12 June 2024 through 14 June 2024
ER -