IoT-Based Android Malware Detection Using Graph Neural Network With Adversarial Defense
| Published in | IEEE internet of things journal Vol. 10; no. 10; pp. 8432 - 8444 |
|---|---|
| Main Authors | Yumlembam, Rahul; Issac, Biju; Jacob, Seibu Mary; Yang, Longzhi |
| Format | Journal Article |
| Language | English |
| Published | Piscataway: IEEE, 15.05.2023; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| ISSN | 2327-4662 |
| DOI | 10.1109/JIOT.2022.3188583 |
| Abstract | Since the Internet of Things (IoT) is widely adopted using Android applications, detecting malicious Android apps is essential. In recent years, Android graph-based deep learning research has proposed many approaches to extract relationships from the application as a graph to generate graph embeddings. First, we demonstrate the effectiveness of graph-based classification using graph neural networks (GNNs)-based classifier to generate API graph embedding. The graph embedding is used with "Permission" and "Intent" to train multiple machine learning and deep learning algorithms to detect Android malware. The classification achieved an accuracy of 98.33% in CICMaldroid and 98.68% in the Drebin data set. However, the graph-based deep learning is vulnerable as an attacker can add fake relationships to avoid detection by the classifier. Second, we propose a generative adversarial network (GAN)-based algorithm named VGAE-MalGAN to attack the graph-based GNN Android malware classifier. The VGAE-MalGAN generator generates adversarial malware API graphs, and the VGAE-MalGAN substitute detector (SD) tries to fit the detector. Experimental analysis shows that VGAE-MalGAN can effectively reduce the detection rate of GNN malware classifiers. Although the model fails to detect adversarial malware, experimental analysis shows that retraining the model with generated adversarial samples helps to combat adversarial attacks. |
|---|---|
| Author | Yumlembam, Rahul Jacob, Seibu Mary Yang, Longzhi Issac, Biju |
| Author_xml | 1. Yumlembam, Rahul (ORCID: 0000-0002-0313-5731; email: rahul.yumlembam@northumbria.ac.uk; Department of Computer and Information Sciences, Northumbria University, Newcastle upon Tyne, U.K.); 2. Issac, Biju (ORCID: 0000-0002-1109-8715; email: bissac@ieee.org; Department of Computer and Information Sciences, Northumbria University, Newcastle upon Tyne, U.K.); 3. Jacob, Seibu Mary (email: s.jacob@tees.ac.uk; School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough, U.K.); 4. Yang, Longzhi (ORCID: 0000-0003-2115-4909; email: longzhi.yang@northumbria.ac.uk; Department of Computer and Information Sciences, Northumbria University, Newcastle upon Tyne, U.K.) |
| CODEN | IITJAU |
| ContentType | Journal Article |
| Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023 |
| DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005–Present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Xplore CrossRef Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef Computer and Information Systems Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Advanced Technologies Database with Aerospace ProQuest Computer Science Collection Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Computer and Information Systems Abstracts |
| Discipline | Computer Science |
| EISSN | 2327-4662 |
| EndPage | 8444 |
| Genre | orig-research |
| IsPeerReviewed | false |
| IsScholarly | true |
| Issue | 10 |
| Language | English |
| License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html https://doi.org/10.15223/policy-029 https://doi.org/10.15223/policy-037 |
| ORCID | 0000-0002-0313-5731 0000-0003-2115-4909 0000-0002-1109-8715 |
| PageCount | 13 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-05-15 |
| PublicationDateYYYYMMDD | 2023-05-15 |
| PublicationDecade | 2020 |
| PublicationPlace | Piscataway |
| PublicationTitle | IEEE internet of things journal |
| PublicationTitleAbbrev | JIoT |
| PublicationYear | 2023 |
| Publisher | IEEE; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| StartPage | 8432 |
| SubjectTerms | Algorithms; Android; Classification; Classification algorithms; Classifiers; Codes; Cybersecurity; Deep learning; Detectors; Embedding; Feature extraction; generative adversarial network (GAN); Generative adversarial networks; graph neural network (GNN); Graph neural networks; Internet of Things; Internet of Things (IoT); Machine learning; Malware; Neural networks |
| Title | IoT-Based Android Malware Detection Using Graph Neural Network With Adversarial Defense |
| URI | https://ieeexplore.ieee.org/document/9814995 https://www.proquest.com/docview/2809899007 |
| Volume | 10 |