Paper Reading: Graph Embedding based Familial Analysis of Android Malware using Unsupervised Learning

High-level

Summary:

Attacks the main problem of supervised approaches: the lack of labels. SRA is the similarity of structural roles of sensitive API nodes within sub-graphs of the function call graph. A malware link network is constructed from the SRAs, and malware samples are grouped into families by running community detection algorithms on that network.

Evaluation:

Roughly 0.7 to 0.8 in terms of NMI (normalized mutual information between the detected communities and the reference family labels).

Takeaways:

Practical Value

What you can learn from this to make your research better?

we use struc2vec [34] as our default graph embedding technique.

Details and Problems

From the presenters’ point of view, what questions might the audience ask?

Specifically, we abstract the program semantics of an app into an FCG representation,

FCG is function call graph.

Divide FCG into sub-graphs according to the file structures

Second, although the CFG is a fine-grained graph model that contains detailed information about the basic blocks in methods, the extraction and analysis of CFGs is a time-consuming job that requires considerable computational resources.

CFG is control flow graph.
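The pipeline these notes sketch (FCG, split into sub-graphs, structural role of each sensitive API node, SRA between apps, link network, community detection) run end to end on a constructed toy input, as an added example that is not the paper's code or data. In place of struc2vec it uses only the descriptor that struc2vec's structural distance starts from, the ordered degree sequences of the k-hop rings around a node compared with dynamic time warping, and skips the random-walk and skip-gram steps; the file-structure split is approximated by the caller's top-level package, and community detection is reduced to connected components of the thresholded link network. The app names, method names, the 0.5 threshold and the 1/(1+d) similarity are all assumptions made for the example.

```python
from collections import defaultdict, deque
from itertools import combinations

# Constructed toy input (not from the paper): one FCG per app as (caller, callee) edges.
# sample_B is a renamed copy of sample_A; sample_C reaches the same sensitive API differently.
GET_ID = "android.telephony.TelephonyManager.getDeviceId"
SEND_SMS = "android.telephony.SmsManager.sendTextMessage"
SENSITIVE_APIS = {GET_ID, SEND_SMS}
APPS = {
    "sample_A": [("com.app.Main.onCreate", "com.app.Worker.run"),
                 ("com.app.Worker.run", "com.app.Worker.collect"),
                 ("com.app.Worker.collect", GET_ID),
                 ("com.app.Worker.run", SEND_SMS)],
    "sample_B": [("com.foo.Entry.onCreate", "com.foo.Task.execute"),
                 ("com.foo.Task.execute", "com.foo.Task.gather"),
                 ("com.foo.Task.gather", GET_ID),
                 ("com.foo.Task.execute", SEND_SMS)],
    "sample_C": [("com.bar.Main.onCreate", GET_ID),
                 ("com.bar.Main.onResume", GET_ID),
                 ("com.bar.Main.onPause", GET_ID),
                 ("com.bar.Util.log", GET_ID),
                 ("com.bar.Main.onCreate", "com.bar.Main.setup")],
}

def split_by_package(edges):
    # Sub-graphs keyed by the caller's top-level package (stand-in for the file-structure split).
    subgraphs = defaultdict(list)
    for caller, callee in edges:
        subgraphs[".".join(caller.split(".")[:2])].append((caller, callee))
    return subgraphs

def structural_signature(adj, node, k=2):
    # Ordered degree sequence of each ring at exact hop distance 0..k (struc2vec's descriptor).
    dist, queue = {node: 0}, deque([node])
    while queue:
        u = queue.popleft()
        for v in (adj[u] if dist[u] < k else ()):
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return tuple(tuple(sorted(len(adj[v]) for v, d in dist.items() if d == r)) or (0,)
                 for r in range(k + 1))

def dtw(a, b):
    # Dynamic time warping with struc2vec's pair cost max/min - 1, shifted by +1 for degree 0.
    cost = [[0.0] + [float("inf")] * len(b)] + [[float("inf")] * (len(b) + 1) for _ in a]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            x, y = a[i - 1] + 1, b[j - 1] + 1
            cost[i][j] = max(x, y) / min(x, y) - 1 + min(
                cost[i - 1][j], cost[i][j - 1], cost[i - 1][j - 1])
    return cost[-1][-1]

def sensitive_roles(edges, k=2):
    # Structural signature of every sensitive API node in each sub-graph where it is called.
    roles = defaultdict(list)
    for sub_edges in split_by_package(edges).values():
        adj = defaultdict(set)
        for a, b in sub_edges:
            adj[a].add(b)
            adj[b].add(a)
        for api in SENSITIVE_APIS & set(adj):
            roles[api].append(structural_signature(adj, api, k))
    return roles

def sra(roles_x, roles_y):
    # Mean over shared sensitive APIs of 1 / (1 + best ring-wise DTW distance); 0.0 if none shared.
    sims = [1.0 / (1.0 + min(sum(map(dtw, sa, sb)) for sa in roles_x[api] for sb in roles_y[api]))
            for api in set(roles_x) & set(roles_y)]
    return sum(sims) / len(sims) if sims else 0.0

def build_link_network(apps, threshold=0.5):
    # Malware link network: connect two apps when their SRA reaches the threshold.
    roles = {name: sensitive_roles(edges) for name, edges in apps.items()}
    scores, links = {}, defaultdict(set)
    for x, y in combinations(sorted(apps), 2):
        scores[(x, y)] = sra(roles[x], roles[y])
        if scores[(x, y)] >= threshold:
            links[x].add(y)
            links[y].add(x)
    return scores, links

def detect_communities(names, links):
    # Connected components of the link network: simplest stand-in for community detection.
    families = []
    for name in sorted(names):
        if not any(name in f for f in families):
            comp, stack = set(), [name]
            while stack:
                u = stack.pop()
                if u not in comp:
                    comp.add(u)
                    stack.extend(links[u])
            families.append(frozenset(comp))
    return families

if __name__ == "__main__":
    scores, links = build_link_network(APPS)
    print(scores, [sorted(f) for f in detect_communities(APPS, links)])
```

On this toy input the SRA between sample_A and sample_B is 1.0, because the rings around both sensitive API nodes have identical degree sequences even though every class and method name differs, while either of them against sample_C scores 0.2, so the link network has a single edge and two families come out. That is the point of the structural-role view: a repackaged variant with renamed identifiers costs nothing, whereas a name-based feature would split A from B.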