HGNNDroid: Android Malware Detection Based on Heterogeneous Graph Neural Network

With the rapid development of mobile internet, smartphones have become indispensable tools in people's daily lives. As the predominant mobile operating system, Android records various user information, making it a prime target for malicious attacks. In response to the increasing threat of malware, scholars have proposed various feature extraction methods and innovative models to detect Android malware. Researchers have introduced detection methods based on heterogeneous graph to leverage the intrinsic information and the correlation information of samples. However, existing methods lack sufficient mining of semantic information from feature nodes. To address this issue, we propose HGNNDroid, an Android malware detection method based on hybrid analysis and a heterogeneous graph neural network. It utilizes hybrid analysis to extract features from APK files, constructing a more comprehensive behavioral profile of the samples. Subsequently, a heterogeneous graph neural network with a two-layer semantic fusion mechanism performs the classification task. The network aggregates the semantic information of features from different perspectives and utilizes meta-paths to discover the potential structural relationships, thereby achieving more accurate Android malware detection. On the CICMalDroid 2020 dataset, the F1-score reached 98.72%, outperforming HAWK and five other methods.