TY - JOUR ID - 159681 TI - Android Malware Detection Using One-Class Graph Neural Networks JO - The ISC International Journal of Information Security JA - ISECURE LA - en SN - 2008-2045 AU - Deldar, Fatemeh AU - Abadi, Mahdi AU - Ebrahimifard, Mohammad AD - Department of Computer Engineering, Tarbiat Modares University, Tehran, Iran Y1 - 2022 PY - 2022 VL - 14 IS - 3 SP - 51 EP - 60 KW - Android Malware Detection KW - Attributed Function Call Graph KW - Graph Convolutional Layer KW - One-Class Classification KW - Semi-Supervised Deep Learning KW - Stacked Graph Autoencoder DO - 10.22042/isecure.2022.14.3.6 N2 - With the widespread use of Android smartphones, the Android platform has become an attractive target for cybersecurity attackers and malware authors. Meanwhile, the growing emergence of zero-day malware has long been a major concern for cybersecurity researchers. This is because malware that has not been seen before often exhibits new or unknown behaviors, and there is no documented defense against it. In recent years, deep learning has become the dominant machine learning technique for malware detection and could achieve outstanding achievements. Currently, most deep malware detectiontechniques are supervised in nature and require training on large datasets of benign and malicious samples. However, supervised techniques usually do not perform well against zero-day malware. Semi-supervised and unsupervised deep malware detection techniques have more potential to detect previously unseen malware. In this paper, we present MalGAE, a novel end-to-end deep malware detection technique that leverages one-class graph neural networks to detect Android malware in a semi-supervised manner. MalGAE represents each Android application with an attributed function call graph (AFCG) to benefit the ability of graphs to model complex relationships between data. It builds a deep one-class classifier by training a stacked graph autoencoder with graph convolutional layers on benign AFCGs. Experimental results show that MalGAE can achieve good detection performance in terms of different evaluation measures. UR - https://www.isecure-journal.com/article_159681.html L1 - https://www.isecure-journal.com/article_159681_56ce65dea909f10fe5e79c896e9d4133.pdf ER -