HAWK: Rapid Android Malware Detection through Heterogeneous Graph Attention Networks

Kavli Affiliate: Lihong Wang

First 5 Authors: Yiming Hei, Renyu Yang, Hao Peng, Lihong Wang, Xiaolin Xu

Summary:

Android is undergoing unprecedented malicious threats daily, but the existing
methods for malware detection often fail to cope with evolving camouflage in
malware. To address this issue, we present HAWK, a new malware detection
framework for evolutionary Android applications. We model Android entities and
behavioural relationships as a heterogeneous information network (HIN),
exploiting its rich semantic metastructures for specifying implicit
higher-order relationships. An incremental learning model is created to handle
the applications that manifest dynamically, without the need for
re-constructing the whole HIN and the subsequent embedding model. The model can
pinpoint rapidly the proximity between a new application and existing in-sample
applications and aggregate their numerical embeddings under various semantics.
Our experiments examine more than 80,860 malicious and 100,375 benign
applications developed over a period of seven years, showing that HAWK achieves
the highest detection accuracy against baselines and takes only 3.5ms on
average to detect an out-of-sample application, with the accelerated training
time of 50x faster than the existing approach.

Search Query: ArXiv Query: search_query=au:”Lihong Wang”&id_list=&start=0&max_results=10
