GNSTAM: Integrating Graph Networks With Spatial and Temporal Signature Analysis for Enhanced Android Malware Detection

The sophistication of Android malware poses significant threats to user security and privacy. Traditional detection methods struggle with rapid malware evolution and benign application diversity, leading to high false positive rates and limited adaptability. This paper introduces a hybrid methodology leveraging advanced machine learning techniques to enhance accuracy and adaptability in Android malware detection. It begins with collecting and preprocessing a comprehensive dataset of benign and malicious applications. An efficient Generative Adversarial Network (GAN) is employed to generate synthetic malware samples, effectively augmenting the dataset and enhancing the diversity of the malware samples under study process. To model the intricate relationships between applications, an efficient Graph Neural Network (GNN) process is utilized. Incorporating transformers, sequences of system and API calls are analyzed, harnessing this ability to discern patterns indicative of malicious activities. Additionally, a one-shot learning model tailored for the detection of new malware variants with minimal examples is introduced, enabling rapid adaptation to emerging threats. Federated learning preserves user privacy by training the model across a distributed network. A reinforcement learning model initiates proactive defenses, identifying optimal actions against malware threats. This methodology advances Android malware detection, showing over 5.9% improvement in detection accuracy, 4.5% reduction in false positives, and enhanced adaptability to new malware variants. It ensures enhanced security for Android users while preserving privacy. Evaluation results highlight its practical applicability in real-time scenarios.