Since the Internet of Things (IoT) is widely adopted using Android applications, detecting malicious Android apps is essential. In recent years, Android graph-based deep learning research has proposed many approaches to extract relationships from applications as graphs to generate graph embeddings. First, we demonstrate the effectiveness of graph-based classification using a Graph Neural Network (GNN)-based classifier to generate API graph embeddings. The graph embeddings are combined with Permission and Intent features to train multiple machine learning and deep learning models for Android malware detection. The proposed classification approach achieves an accuracy of 98.33 percent on the CICMaldroid dataset and 98.68 percent on the Drebin dataset. However, graph-based deep learning models are vulnerable, as attackers can add fake relationships to evade detection by the classifier. Second, we propose a Generative Adversarial Network (GAN)-based attack algorithm named VGAE-MalGAN targeting graph-based GNN Android malware classifiers. The VGAE-MalGAN generator produces adversarial malware API graphs, while the VGAE-MalGAN substitute detector attempts to mimic the target detector. Experimental results show that VGAE-MalGAN can significantly reduce the detection rate of GNN-based malware classifiers. Although the model initially fails to detect adversarial malware, retraining with generated adversarial samples improves robustness and helps mitigate adversarial attacks.

翻译：随着物联网(IoT)广泛采用Android应用程序，检测恶意Android应用变得至关重要。近年来，基于图的Android深度学习研究提出了多种方法，将应用程序中的关系提取为图结构以生成图嵌入表示。首先，我们验证了基于图神经网络的分类器通过生成API图嵌入进行图分类的有效性。这些图嵌入与权限和意图特征相结合，用于训练多种机器学习和深度学习模型以实现Android恶意软件检测。所提出的分类方法在CICMaldroid数据集上达到了98.33%的准确率，在Drebin数据集上达到了98.68%的准确率。然而，基于图的深度学习模型存在脆弱性，攻击者可通过添加虚假关系来逃避分类器检测。其次，我们提出了一种基于生成对抗网络的攻击算法VGAE-MalGAN，专门针对基于图的GNN Android恶意软件分类器。VGAE-MalGAN生成器产生对抗性恶意软件API图，而VGAE-MalGAN替代检测器则尝试模拟目标检测器。实验结果表明，VGAE-MalGAN能显著降低基于GNN的恶意软件分类器的检测率。虽然模型初始无法检测对抗性恶意软件，但通过使用生成的对抗样本进行再训练，可提升模型鲁棒性并有效缓解对抗攻击。