论文信息 - GraphEvolveDroid: Mitigate Model Degradation in the Scenario of Android Ecosystem Evolution

GraphEvolveDroid: Mitigate Model Degradation in the Scenario of Android Ecosystem Evolution

Machine learning-based Android malware detection models suffer from model degradation over time due to ecosystem evolution, which means models trained on history data perform poorly on newly arrived data. Existing solutions to handle the above problem focus on sophisticated feature engineering to find stable features, which is labor-intensive. In this paper, we try to mitigate model degradation by substituting the representation paradigm from Euclidean (vector) to non-Euclidean (graph) without changing features and propose a graph-based Android malware detection model called GraphEvolveDroid. Specifically, we first construct a directed evolutionary network with the KNN model, where each node represents an APP and the starting APP node of each edge is the ancestor of the ending APP node. Then we use stacked GCN layers to transmit the information of ancestor nodes to child nodes so that the shift of the distribution of child nodes can be suppressed. Experimental results on a large real dataset spanning three years demonstrate that GraphEvolveDroid could significantly mitigate model degradation because of slowing down the shift of data distribution.

Yonghao Gu | Liangxun Li | Yonghao Gu | Liangxun Li

[1] Lorenzo Cavallaro,et al. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time , 2018, USENIX Security Symposium.

[2] Leonidas J. Guibas,et al. PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks , 2018, ICLR.

[3] Jure Leskovec,et al. Inductive Representation Learning on Large Graphs , 2017, NIPS.

[4] Min Yang,et al. Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware , 2020, CCS.

[5] Gianluca Stringhini,et al. MaMaDroid , 2019, ACM Trans. Priv. Secur..

[6] Konrad Rieck,et al. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[7] Peng Cui,et al. Towards Non-I.I.D. image classification: A dataset and baselines , 2019, Pattern Recognit..

[8] Qi Li,et al. EveDroid: Event-Aware Android Malware Detection Against Model Degrading for IoT Devices , 2019, IEEE Internet of Things Journal.

[9] Krishnendu Ghosh,et al. Automated Construction of Malware Families , 2019, SpaCCS.

[10] Jonathon Shlens,et al. Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[11] Kilian Q. Weinberger,et al. Simplifying Graph Convolutional Networks , 2019, ICML.