MCGDroid: An android malware classification method based on multi-feature class-call graph characterization

Bibliographic Details
Published in: Computers & security Vol. 160; p. 104713
Main Authors: He, Mingkun, Ge, Jike, Chen, Zuqin, Ling, Jin, Kong, Weiquan
Format: Journal Article
Language: English
Published: Elsevier Ltd 01.01.2026
ISSN: 0167-4048
Description
Summary: Malicious software (malware) attacks constitute a major category of security risks affecting the Android operating system. Current Android malware classification approaches exhibit notable limitations: methods that ignore program semantic information often demonstrate suboptimal accuracy and robustness, while techniques leveraging control-flow or data-flow graph representations, though more effective, face computational challenges due to large graph sizes and high overhead. In response to these limitations, MCGDroid is introduced as a novel solution for classifying Android malware, utilizing a representation based on multi-feature class-call graphs. MCGDroid processes disassembled smali code to construct class-call graphs, where nodes are enriched with semantic features including opcodes and sensitive APIs. These class-call graphs, enriched with multiple features, are subsequently processed through a graph convolutional network to carry out malware detection and classification tasks. We confirmed the effectiveness and stability of the proposed method through comprehensive experimental evaluation. The experimental evaluation demonstrates that MCGDroid attains high detection and classification accuracies of 98.92% and 97.02%, respectively, with corresponding F1-scores of 98.54% and 96.65%. When evaluated on the obfuscated test set, the model maintains robust performance, achieving 93.12% detection accuracy and 86.26% classification accuracy.
DOI: 10.1016/j.cose.2025.104713