Research on Android malware has progressed rapidly, yet the task of distinguishing malicious from benign applications continues to test the limits of automated analysis. Earlier work, dominated by static signature matching, frequently struggles when novel or obfuscated samples appear. Contemporary graph–based pipelines alleviate some of these shortcomings by modelling control and data dependencies, but their reliance on pairwise relations often blurs higher–order interactions that experienced adversaries nurture when crafting evasive variants. These observations motivate a return to first principles: we require representations that faithfully encode behaviours without incurring prohibitive overhead. In this study we revisit the problem through the lens of hypergraph representation learning. Treating an application as a hypergraph allows one to encode joint behaviours—such as the co-invocation of critical API calls inside a single execution context—that cannot be decomposed into simple edges without information loss. Building on this representation, we introduce HGANN-Mal, a Hypergraph Attention Neural Network that adaptively emphasises semantically salient hyperedges while softening the influence of spurious ones. The model derives its signals from static analysis to extract structural and semantic features. Importantly, on the Drebin dataset, HGANN-Mal achieves a Macro-F1 score of 97.8% and an accuracy of 98.3% in binary malware detection, significantly outperforming graph-based and static hypergraph methods. Our findings validate that the proposed attention-based hypergraph model provides a more exhaustive and precise solution for detecting sophisticated Android malware.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

HGANN-Mal: A Hypergraph Attention Neural Network Approach for Android Malware Detection

  • Mohammad Reza Norouzian,
  • Claudia Eckert

摘要

Research on Android malware has progressed rapidly, yet the task of distinguishing malicious from benign applications continues to test the limits of automated analysis. Earlier work, dominated by static signature matching, frequently struggles when novel or obfuscated samples appear. Contemporary graph–based pipelines alleviate some of these shortcomings by modelling control and data dependencies, but their reliance on pairwise relations often blurs higher–order interactions that experienced adversaries nurture when crafting evasive variants. These observations motivate a return to first principles: we require representations that faithfully encode behaviours without incurring prohibitive overhead. In this study we revisit the problem through the lens of hypergraph representation learning. Treating an application as a hypergraph allows one to encode joint behaviours—such as the co-invocation of critical API calls inside a single execution context—that cannot be decomposed into simple edges without information loss. Building on this representation, we introduce HGANN-Mal, a Hypergraph Attention Neural Network that adaptively emphasises semantically salient hyperedges while softening the influence of spurious ones. The model derives its signals from static analysis to extract structural and semantic features. Importantly, on the Drebin dataset, HGANN-Mal achieves a Macro-F1 score of 97.8% and an accuracy of 98.3% in binary malware detection, significantly outperforming graph-based and static hypergraph methods. Our findings validate that the proposed attention-based hypergraph model provides a more exhaustive and precise solution for detecting sophisticated Android malware.