A novel graph neural network-based approach for android malware detection

With the rapid development of the Internet of Things (IoT) and the Internet of Vehicles (IoV), smartphones have evolved into central hubs for connecting users with various smart devices, making their security increasingly vital. However, the growing prevalence of malicious mobile applications poses significant threats to user privacy and digital assets. Existing machine learning-based mobile malware detection methods often face limitations in terms of robustness and interpretability. To address these challenges, we propose GRED (GNN-based Robust and Explainable Malware Detection), an Android malware detection model that leverages graph neural networks to precisely identify malicious behavior while enhancing both robustness and interpretability. GRED refines Android function call graphs, extracts semantic and structural API features, and utilizes a Top-K-based GNN architecture for effective malware detection. Additionally, it offers multi-perspective interpretability analysis to support an in-depth understanding of detection results. Extensive experiments conducted on two large datasets demonstrate that GRED achieves superior performance compared to existing methods. The interpretability module effectively pinpoints malicious behaviors, thereby assisting security analysts in subsequent investigation and mitigation efforts.