Saved in:
Bibliographic Details
Main Authors: Ipek, Merve Cigdem, Sen, Sevil
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2503.07109
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916648221409280
author Ipek, Merve Cigdem
Sen, Sevil
author_facet Ipek, Merve Cigdem
Sen, Sevil
contents With the escalating threat of malware, particularly on mobile devices, the demand for effective analysis methods has never been higher. While existing security solutions, including AI-based approaches, offer promise, their lack of transparency constraints the understanding of detected threats. Manual analysis remains time-consuming and reliant on scarce expertise. To address these challenges, we propose a novel approach called XAIDroid that leverages graph neural networks (GNNs) and graph attention mechanisms for automatically locating malicious code snippets within malware. By representing code as API call graphs, XAIDroid captures semantic context and enhances resilience against obfuscation. Utilizing the Graph Attention Model (GAM) and Graph Attention Network (GAT), we assign importance scores to API nodes, facilitating focused attention on critical information for malicious code localization. Evaluation on synthetic and real-world malware datasets demonstrates the efficacy of our approach, achieving high recall and F1-score rates for malicious code localization. The successful implementation of automatic malicious code localization enhances the scalability, interpretability, and reliability of malware analysis.
format Preprint
id arxiv_https___arxiv_org_abs_2503_07109
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Explainable Android Malware Detection and Malicious Code Localization Using Graph Attention
Ipek, Merve Cigdem
Sen, Sevil
Cryptography and Security
With the escalating threat of malware, particularly on mobile devices, the demand for effective analysis methods has never been higher. While existing security solutions, including AI-based approaches, offer promise, their lack of transparency constraints the understanding of detected threats. Manual analysis remains time-consuming and reliant on scarce expertise. To address these challenges, we propose a novel approach called XAIDroid that leverages graph neural networks (GNNs) and graph attention mechanisms for automatically locating malicious code snippets within malware. By representing code as API call graphs, XAIDroid captures semantic context and enhances resilience against obfuscation. Utilizing the Graph Attention Model (GAM) and Graph Attention Network (GAT), we assign importance scores to API nodes, facilitating focused attention on critical information for malicious code localization. Evaluation on synthetic and real-world malware datasets demonstrates the efficacy of our approach, achieving high recall and F1-score rates for malicious code localization. The successful implementation of automatic malicious code localization enhances the scalability, interpretability, and reliability of malware analysis.
title Explainable Android Malware Detection and Malicious Code Localization Using Graph Attention
topic Cryptography and Security
url https://arxiv.org/abs/2503.07109