MCGDroid: An android malware classification method based on multi-feature class-call graph characterization
| Published in: | Computers & security Vol. 160; p. 104713 |
|---|---|
| Main authors: | , , , , |
| Format: | Journal Article |
| Language: | English |
| Published: | Elsevier Ltd, 01.01.2026 |
| Subjects: | |
| ISSN: | 0167-4048 |
| Online access: | Full text |
| Abstract: | Malicious software (malware) attacks constitute a major category of security risks affecting the Android operating system. Current Android malware classification approaches exhibit notable limitations: methods that ignore program semantic information often demonstrate suboptimal accuracy and robustness, while techniques leveraging control-flow or data-flow graph representations, though more effective, face computational challenges due to large graph sizes and high overhead. In response to these limitations, MCGDroid is introduced as a novel solution for classifying Android malware, utilizing a representation based on multi-feature class-call graphs. MCGDroid processes disassembled smali code to construct class-call graphs, where nodes are enriched with semantic features including opcodes and sensitive APIs. These class-call graphs, enriched with multiple features, are subsequently processed through a graph convolutional network to carry out malware detection and classification tasks. We confirmed the effectiveness and stability of the proposed method through comprehensive experimental evaluation. The experimental evaluation demonstrates that MCGDroid attains high detection and classification accuracies of 98.92% and 97.02%, respectively, with corresponding F1-scores of 98.54% and 96.65%. When evaluated on the obfuscated test set, the model maintains robust performance, achieving 93.12% detection accuracy and 86.26% classification accuracy. |
| DOI: | 10.1016/j.cose.2025.104713 |