An Android malicious code detection method and system based on a graph neural network
By combining Deep Q-Network (DQN) adaptive feature selection with Graph Neural Network (GIN), the problem of feature engineering relying on human experience and having high computational overhead in existing technologies is solved, and efficient and robust Android malware detection is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- HUNAN POLICE ACAD
- Filing Date
- 2026-02-06
- Publication Date
- 2026-06-12
Smart Images

Figure CN122197009A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of network security technology, specifically to an Android malware detection method and system based on graph neural networks. Background Technology
[0002] With the rapid development of mobile internet, the Android platform has become a primary target for malware attacks. The number and complexity of malware are constantly increasing, and traditional signature-based and heuristic detection methods have poor generalization to unknown attacks and are easily evaded by obfuscation techniques. Graph Neural Networks (GNNs), due to their ability to model complex relationships within data, have become a powerful tool for malware detection. They achieve effective detection by learning robust embeddings from malware represented as graph structures. However, existing GNN-based malware detection methods suffer from the following technical drawbacks: feature engineering relies on human experience, requiring the extraction of a large number of high-dimensional features from function call graphs, resulting in huge computational overhead; feature dimensional redundancy leads to a large number of GNN model parameters, long training time, and low inference efficiency; the lack of an adaptive feature selection mechanism prevents dynamic optimization of feature combinations based on specific dataset characteristics; and insufficient robustness against adversarial attacks. Therefore, we propose a graph neural network-based Android malware detection method and system. Summary of the Invention
[0003] To address the shortcomings of existing technologies, this invention provides an Android malware detection method based on graph neural networks, comprising: S1, data preprocessing and multi-dimensional graph feature extraction, obtaining function call graph data of Android applications, wherein the function call graph is represented by a directed graph G=(V,E), where V is the set of function nodes and E is the set of function call edges, and calculating 32-dimensional graph structure features for each node of each function call graph; S2. Based on the adaptive feature selection of deep Q-network, a deep Q-network agent is constructed. The agent represents the state of the current feature subset as a 32-dimensional binary mask vector, the action of adding or deleting features as a 64-dimensional discrete action space, and the difference between the current GNN classification accuracy and the accuracy of the previous state as the incremental reward signal. An empirical replay buffer is used to store the transition samples (s,a,r,s′). The target network is used to stabilize the training process. An ε-greedy strategy is used to balance exploration and utilization. The maximum number of features selected is constrained to 16. The agent is trained to learn the optimal feature combination strategy and finally selects a 14-dimensional key feature subset from the 32-dimensional features. S3. Graph Neural Network Classification and Detection: The 14-dimensional key features are used as node features and input into the graph neural network classifier. The classifier adopts a graph isomorphic network (GIN) architecture and follows the Weisfeiler-Lehman graph isomorphic testing framework for multi-layer message passing and graph-level readout. Node embedding and updating are achieved through a multilayer perceptron, and the whole graph representation is aggregated using a concatenation and summation readout function to output malware type classification results.
[0004] Furthermore, the 32-dimensional graph structure features are specifically defined as follows: Degree-related features: in-degree, out-degree, total degree, mean neighbor degree, maximum neighbor degree, minimum neighbor degree, and variance of neighbor degree; Link analysis and influence characteristics: PageRank value, local clustering coefficient; Subgraph structure and core features: Node participation in triangle counting, quadrilateral counting, and K-core count; Centrality characteristics: proximity centrality, betweenness centrality, eigenvector centrality, load centrality; Structural role characteristics: Hub score, Authority score, and Bridging score of the HITS algorithm; Path and connectivity features: reciprocity, BFS depth, DFS depth, average shortest path length, eccentricity, size of strongly connected components, size of weakly connected components; Ratios and specific algorithm characteristics: in-degree ratio, out-degree ratio, local reach centrality (in direction), local reach centrality (out direction), triangular phantom participation, and star phantom participation.
[0005] Furthermore, the specific implementation of the adaptive feature selection based on deep Q-networks includes: State space design: A 32-dimensional binary vector is used to represent the current selection state of the feature subset. Each dimension corresponds to the selection state of a graph feature, with 1 indicating selection and 0 indicating non-selection. Action space design: Define 64 discrete actions, where actions 0-31 represent adding features with corresponding indices, and actions 32-63 represent deleting features with corresponding indices; Reward function design: An incremental reward mechanism is adopted. ; in This represents the GNN classification accuracy under the current feature subset; Network architecture design: Both the main network and the target network of DQN adopt a three-layer fully connected neural network with a hidden layer dimension of 128, an input dimension of 32, and an output dimension of 64. Training strategy: Initialize the exploration rate ε=1.0, and decrease it by a decay rate of 0.995 after each episode, with a minimum of 0.05; synchronize the parameters of the target network every 10 training episodes; the experience replay buffer has a capacity of 10000, and 500 experiences are pre-filled before training.
[0006] Furthermore, the 14-dimensional key feature subset includes: In-degree, mean neighbor degree, minimum neighbor degree, triangle count, proximity centrality, eigenvector centrality, load centrality, hub score, DFS depth, average shortest path, local reach centrality (in direction), local reach centrality (out direction), triangle motif participation, star motif participation.
[0007] Furthermore, the graph isomorphic network classifier includes: Node embedding update layer: Implemented using a GIN convolutional layer, the update formula is as follows: ; in, Let N(v) represent the representation vector of node v at level l, and N(v) be the set of neighbors of node v. It can be a learnable scalar parameter or fixed at 0. It is a multilayer perceptron network; Level readout layer: Employs a cross-level splicing and summation readout mechanism, with the following formula: ; Let L be the vector representing the entire graph, and L be the total number of network layers. Classification output layer: Represents vectors as graphs Input a fully connected layer and a Softmax function, and output the probability distribution of malware categories.
[0008] Furthermore, the graph neural network classifier also includes: A variant of Graph Convolutional Networks (GCNs) with the following single-layer propagation rules: ; in, To add a self-loop to the adjacency matrix, For degree matrix, Let the matrix represent the nodes of the l-th layer. Let σ be the learnable weight matrix, and σ be the activation function. The main neighborhood aggregation network (PNA) variant combines multiple aggregators with a degree-related scaler: in, For the scaler, α is the scaling exponent, and ⨁ represents the concatenation operation; A variant of the Spectral Attention Network (SAN) that combines Laplacian positional encoding with the Transformer attention mechanism: Calculate the eigenvalue decomposition of the normalized Laplacian matrix The feature vectors corresponding to the k smallest non-zero feature values are taken as the position codes. Attention computation introduces graph-based bias terms Capture the structural relationships between nodes.
[0009] An Android malware detection system based on graph neural networks includes: Data preprocessing module: includes APK decompilation unit, Smali code parsing unit, function call graph construction unit, 32-dimensional feature parallel computing unit, and feature cache management unit; The DQN feature selection module includes a state encoder, a DQN main network, a DQN target network, an experience replay buffer, an ε-greedy policy decision-maker, and a feature constraint validator. GNN classification and detection module: includes graph data loader, node feature injector, GIN / GCN / PNA / SAN graph neural network unit, graph-level readout aggregator, and malware classifier; Model training and evaluation module: configured to perform dataset partitioning, hyperparameter configuration, training loop control, performance metric calculation, and result visualization output.
[0010] Furthermore, in the DQN feature selection module: The state encoder encodes the current feature subset into a 32-dimensional binary vector and calculates the current number of features to verify the constraint that does not exceed 16. The DQN main network and target network use the same architecture: 32 neurons in the input layer → 128 neurons in the first hidden layer (ReLU activation) → 128 neurons in the second hidden layer (ReLU activation) → 64 neurons in the output layer; The experience replay buffer uses either a priority experience replay or uniform sampling strategy to store quadruples. Supports small-batch random sampling; The ε-greedy policy decision-maker randomly selects an action with probability ε and selects the action with the largest Q value with probability 1-ε, dynamically decaying the exploration rate as the training process progresses; Before performing an add action, the feature constraint validator checks the number of currently selected features. If the number has reached 16, the action is rejected. Before performing a delete action, the validator checks the number of currently selected features. If only 1 feature remains, the action is rejected, thus ensuring the validity of the solution space.
[0011] Furthermore, in the GNN classification and detection module: The graph data loader reads the edge list file from the local cache, parses it into a directed graph structure, and loads the corresponding 14-dimensional node feature matrix; The node feature injector maps the 14-dimensional features selected by DQN to the input layer of the graph neural network, compressing the feature dimension from 32 to 14. The GIN graph neural network unit contains 3-5 GIN convolutional layers, each followed by batch normalization and ReLU activation, and dropout regularization to prevent overfitting; The graph-level readout aggregator aggregates all node embeddings into a graph-level representation vector, supporting multiple strategies such as summation, mean, max pooling, or attention pooling. The malware classifier uses a fully connected layer to map the graph to a 5-dimensional output space, corresponding to five categories of labels: AdDisplay / airpush, Adware / artemis, Benign, Downloader / jiagu, and Trojan / kuguo. The output classification probability is then normalized using Softmax.
[0012] The beneficial effects of this invention are reflected in: 1. This invention applies Deep Q-Network (DQN) to the feature selection task of GNN malware detection. Through a reinforcement learning agent, it automatically explores the optimal feature combination, compressing 32-dimensional features to 14 dimensions, significantly reducing the workload of manual feature engineering. With the reduced feature dimensionality, the training speed of the GNN model is significantly accelerated, greatly reducing computational resource consumption and training time while maintaining classification accuracy. The DQN agent can dynamically learn the optimal strategy based on the specific dataset characteristics, exhibiting stronger environmental adaptability compared to fixed feature selection methods. The proposed feature selection framework is universal and adaptable to various GNN architectures such as GCN, GIN, PNA, and SAN, with the GIN model achieving optimal performance within this framework. The 14-dimensional features selected by DQN have clear graph theory significance, and combined with feature group contribution analysis, the contribution of different categories of features to detection performance can be explained. Attached Figure Description
[0013] To more clearly illustrate the specific embodiments of the present invention or the technical solutions in the prior art, the accompanying drawings used in the description of the specific embodiments or the prior art will be briefly introduced below. In all the drawings, similar elements or parts are generally identified by similar reference numerals. The elements or parts in the drawings are not necessarily drawn to scale.
[0014] Figure 1 This is a schematic flowchart of the method of the present invention; Figure 2 This is a comparison chart of the training results of this invention; Figure 3 This is a comparison chart of the classification results of different GNN models in this invention; Figure 4This diagram illustrates the effect of different grouping features on the classification performance in this invention. Figure 5 This is a diagram showing the feature selection results based on DQN in this invention; Figure 6 This is a confusion matrix diagram of the classification results of the four GNN models in this invention. Detailed Implementation
[0015] The embodiments of the technical solution of the present invention will now be described in detail with reference to the accompanying drawings. These embodiments are merely illustrative of the technical solution of the present invention and are therefore intended to limit the scope of protection of the present invention.
[0016] It should be noted that, unless otherwise stated, the technical or scientific terms used in this application should have the ordinary meaning as understood by one of ordinary skill in the art to which this invention pertains.
[0017] Example 1: Parse the edge list file and construct a directed graph G=(V,E), where V is the set of function nodes and E is the set of function call edges; A multi-process parallel computing approach is adopted to compute 32-dimensional graph structure features for each node; The feature data of each sample is cached separately as a local file, and a sample index file in JSON format is created to record information such as sample path, category label, feature dimension, etc., which supports fast reading; Initialization: Randomly generate a subset of features (number of features ≤ 16), and encode it as a 32-dimensional binary state vector; Iterative training (100 episodes in total): Action selection (adding / deleting features) based on an ε-greedy strategy; Verify the feature number constraint (1 ≤ feature number ≤ 16), and execute the action to obtain a new state; Train the GIN model under the new conditions, calculate the classification accuracy, and obtain the incremental reward. ; Transfer sample Store in the experience replay buffer; 32 random experiences were sampled and the DQN main network parameters were updated. Synchronize target network parameters every 10 episodes; Convergence criterion: When the average reward value fluctuates less than 0.001 over 10 consecutive episodes, training is stopped and the optimal 14-dimensional feature subset is output. Example 2: GNN classification detection Model Implementation: Four GNN models are implemented based on the PyTorch 2.0 + PyTorch Geometric 2.3 framework. The core configuration is as follows: GIN model: 5 GIN convolutional layers, each followed by MLP (64→64), batch normalization, ReLU activation, and dropout (0.5); using a concatenation and summation readout mechanism; GCN model: 3 GCN convolutional layers, 64 hidden dimensions, ReLU activation, dropout (0.5); PNA model: 4 PNA convolutional layers, aggregator type: mean / min / max / std, degree scaler α∈{-1,0,1}; SAN model: 8 Transformer attention layers, 8 attention heads, and 8-dimensional Laplacian positional encoding.
[0018] Experimental setup: Dataset split: 70% training set (3500 samples), 15% validation set (750 samples), and 15% test set (750 samples). Training parameters: batch size 32, training epochs 200, optimizer Adam, learning rate 0.001; Evaluation metrics: Accuracy, macro average F1 score, AUC-ROC; Experimental results: Model accuracy F1 score AUG GIN 0.8800 0.8813 0.9795 GCN 0.8013 0.8014 0.9617 PAN 0.7053 0.6658 0.9456 SAN 0.3693 0.2534 0.8515 Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some or all of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of the present invention, and they should all be covered within the scope of the claims and specification of the present invention.
Claims
1. A method for detecting Android malware based on graph neural networks, characterized in that, include, S1. Data preprocessing and multi-dimensional graph feature extraction: Obtain function call graph data of Android application. The function call graph is represented by a directed graph G=(V,E), where V is the set of function nodes and E is the set of function call edges. Calculate 32-dimensional graph structure features for each node of each function call graph. S2. Based on adaptive feature selection using a deep Q-network, a deep Q-network agent is constructed. The agent represents the state of the current feature subset as a 32-dimensional binary mask vector, and the action of adding or deleting features as a 64-dimensional discrete action space. The difference between the current GNN classification accuracy and the accuracy of the previous state is used as the incremental reward signal. An empirical replay buffer is used to store transition samples. By utilizing the stable training process of the target network, and balancing exploration and utilization through an ε-greedy strategy, the maximum number of features selected is constrained to 16. The agent is trained to learn the optimal feature combination strategy, and finally selects a subset of 14 key features from 32 features. S3. Graph Neural Network Classification and Detection: The 14-dimensional key features are input as node features into the graph neural network classifier. The classifier adopts a graph isomorphic network (GIN) architecture and follows the Weisfeiler-Lehman graph isomorphic testing framework for multi-layer message passing and graph-level readout. Node embedding and updating are achieved through a multilayer perceptron, and the whole graph representation is aggregated using a concatenation and summation readout function to output malware type classification results.
2. The Android malware detection method based on graph neural networks according to claim 1, characterized in that: The specific definition of the 32-dimensional graph structure features is as follows: Degree-related features: in-degree, out-degree, total degree, mean neighbor degree, maximum neighbor degree, minimum neighbor degree, and variance of neighbor degree; Link analysis and influence characteristics: PageRank value, local clustering coefficient; Subgraph structure and core features: Node participation in triangle counting, quadrilateral counting, and K-core count; Centrality characteristics: proximity centrality, betweenness centrality, eigenvector centrality, load centrality; Structural role characteristics: Hub score, Authority score, and Bridging score of the HITS algorithm; Path and connectivity features: reciprocity, BFS depth, DFS depth, average shortest path length, eccentricity, size of strongly connected components, size of weakly connected components; Ratios and specific algorithm characteristics: in-degree ratio, out-degree ratio, local reach centrality (in direction), local reach centrality (out direction), triangular phantom participation, and star phantom participation.
3. The Android malware detection method based on graph neural networks according to claim 1, Its features are: The specific implementation of the adaptive feature selection based on deep Q-networks includes: State space design: A 32-dimensional binary vector is used to represent the current selection state of the feature subset. Each dimension corresponds to the selection state of a graph feature, with 1 indicating selection and 0 indicating non-selection. Action space design: Define 64 discrete actions, where actions 0-31 represent adding features with corresponding indices, and actions 32-63 represent deleting features with corresponding indices; Reward function design: An incremental reward mechanism is adopted. ; in This represents the GNN classification accuracy under the current feature subset; Network architecture design: Both the main network and the target network of DQN adopt a three-layer fully connected neural network with a hidden layer dimension of 128, an input dimension of 32, and an output dimension of 64. Training strategy: Initialize the exploration rate ε=1.0, and decrease it by a decay rate of 0.995 after each episode, with a minimum of 0.05; synchronize the parameters of the target network every 10 training episodes; the experience replay buffer has a capacity of 10000, and 500 experiences are pre-filled before training.
4. The Android malware detection method based on graph neural networks according to claim 1, characterized in that: The 14-dimensional key feature subset includes: In-degree, mean neighbor degree, minimum neighbor degree, triangle count, proximity centrality, eigenvector centrality, load centrality, hub score, DFS depth, average shortest path, local reach centrality (in direction), local reach centrality (out direction), triangle motif participation, star motif participation.
5. The Android malware detection method based on graph neural networks according to claim 1, characterized in that: The graph isomorphic network classifier includes: Node embedding update layer: Implemented using a GIN convolutional layer, with the update formula as follows: ; in, Let N(v) represent the representation vector of node v at level l, and N(v) be the set of neighbors of node v. It can be a learnable scalar parameter or fixed at 0. It is a multilayer perceptron network; The graph-level readout layer employs a cross-layer splicing and summation readout mechanism, with the following formula: ; Let L be the vector representing the entire graph, and L be the total number of network layers. Classification output layer: Represents vectors as graphs Input a fully connected layer and a Softmax function, and output the probability distribution of malware categories.
6. The Android malware detection method based on graph neural networks according to claim 1, characterized in that: The graph neural network classifier also includes: A variant of Graph Convolutional Networks (GCNs) with the following single-layer propagation rules: ; in, To add a self-loop to the adjacency matrix, For degree matrix, Let the matrix represent the nodes of the l-th layer. Let σ be the learnable weight matrix, and σ be the activation function. The main neighborhood aggregation network (PNA) variant combines multiple aggregators with a degree-related scaler: in, For the scaler, α is the scaling exponent, and ⨁ represents the concatenation operation; A variant of the Spectral Attention Network (SAN) that combines Laplacian positional encoding with the Transformer attention mechanism: Calculate the eigenvalue decomposition of the normalized Laplacian matrix The feature vectors corresponding to the k smallest non-zero feature values are taken as the position codes. Attention computation introduces graph-based bias terms Capture the structural relationships between nodes.
7. An Android malware detection system based on graph neural networks, based on the Android malware detection method based on graph neural networks as described in claims 1-6, characterized in that: include: Data preprocessing module: includes APK decompilation unit, Smali code parsing unit, function call graph construction unit, 32-dimensional feature parallel computing unit, and feature cache management unit; The DQN feature selection module includes a state encoder, a DQN main network, a DQN target network, an experience replay buffer, an ε-greedy policy decision-maker, and a feature constraint validator. GNN classification and detection module: includes graph data loader, node feature injector, GIN / GCN / PNA / SAN graph neural network unit, graph-level readout aggregator, and malware classifier; Model training and evaluation module: configured to perform dataset partitioning, hyperparameter configuration, training loop control, performance metric calculation, and result visualization output.
8. The Android malware detection method based on graph neural networks according to claim 7, characterized in that: In the DQN feature selection module: The state encoder encodes the current feature subset into a 32-dimensional binary vector and calculates the current number of features to verify the constraint that does not exceed 16. The DQN main network and target network use the same architecture: 32 neurons in the input layer → 128 neurons in the first hidden layer (ReLU activation) → 128 neurons in the second hidden layer (ReLU activation) → 64 neurons in the output layer; The experience replay buffer uses either a priority experience replay or uniform sampling strategy to store quadruples. Supports small-batch random sampling; The ε-greedy policy decision-maker randomly selects an action with probability ε and selects the action with the largest Q value with probability 1-ε, dynamically decaying the exploration rate as the training process progresses; Before performing an add action, the feature constraint validator checks the number of currently selected features. If the number has reached 16, the action is rejected. Before performing a delete action, the validator checks the number of currently selected features. If only 1 feature remains, the action is rejected, thus ensuring the validity of the solution space.
9. The Android malware detection method based on graph neural networks according to claim 7, characterized in that: In the GNN classification and detection module: The graph data loader reads the edge list file from the local cache, parses it into a directed graph structure, and loads the corresponding 14-dimensional node feature matrix; The node feature injector maps the 14-dimensional features selected by DQN to the input layer of the graph neural network, compressing the feature dimension from 32 to 14. The GIN graph neural network unit contains 3-5 GIN convolutional layers, each followed by batch normalization and ReLU activation, and dropout regularization to prevent overfitting; The graph-level readout aggregator aggregates all node embeddings into a graph-level representation vector, supporting multiple strategies such as summation, mean, max pooling, or attention pooling. The malware classifier uses a fully connected layer to map the graph to a 5-dimensional output space, corresponding to five categories of labels: AdDisplay / airpush, Adware / artemis, Benign, Downloader / jiagu, and Trojan / kuguo. The output classification probability is then normalized using Softmax.