DOI: 10.1145/3447548.3467168

Heterogeneous Temporal Graph Transformer: An Intelligent System for Evolving Android Malware Detection

Published: 14 August 2021 Publication History

Abstract

The explosive growth and increasing sophistication of Android malware call for new defensive techniques to protect mobile users against novel threats. To address this challenge, in this paper, we propose and develop an intelligent system named Dr.Droid that, for the first time, jointly models malware propagation and evolution for detection. In Dr.Droid, we first exploit higher-level semantic and social relations within the ecosystem (e.g., app-market, app-developer, and market-developer relations) to characterize app propagation patterns; we then present a structured heterogeneous graph to model the complex relations among different types of entities. To capture malware evolution, we further consider temporal dependence and introduce a heterogeneous temporal graph that jointly models malware propagation and evolution by considering heterogeneous spatial dependencies along the temporal dimension. Afterwards, we propose a novel heterogeneous temporal graph transformer framework (denoted as HTGT) that integrates both spatial and temporal dependencies while preserving heterogeneity to learn node representations for malware detection. Specifically, in our proposed HTGT, to preserve heterogeneity, we devise a heterogeneous spatial transformer that derives heterogeneous attentions over each node and edge to learn dedicated representations for different types of entities and relations; to model temporal dependencies, we design a temporal transformer within HTGT that attentively aggregates the historical sequences of a given node (e.g., an app); the two transformers work in an iterative manner for representation learning. Promising experimental results based on large-scale sample collections from the anti-malware industry demonstrate the performance of Dr.Droid in comparison with state-of-the-art baselines and popular mobile security products.

Supplementary Material

MP4 File (heterogeneous_temporal_graph_transformer.mp4)
Presentation Video - Heterogeneous Temporal Graph Transformer



Published In

KDD '21: Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining
August 2021
4259 pages
ISBN: 9781450383325
DOI: 10.1145/3447548
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. heterogeneous temporal graph
  2. malware detection
  3. transformer

Qualifiers

  • Research-article

Conference

KDD '21
Acceptance Rates

Overall Acceptance Rate 1,133 of 8,635 submissions, 13%

Article Metrics

  • Downloads (last 12 months): 551
  • Downloads (last 6 weeks): 67

Reflects downloads up to 31 Jan 2025

Cited By

  • (2024) Survey of Transformer-Based Malicious Software Detection Systems. Electronics 13:23 (4677). DOI: 10.3390/electronics13234677. Online publication date: 27-Nov-2024
  • (2024) A Novel Knowledge Search Structure for Android Malware Detection. IEEE Transactions on Services Computing (1-14). DOI: 10.1109/TSC.2024.3496333. Online publication date: 2024
  • (2024) A Dynamic Analysis-Powered Explanation Framework for Malware Detection. IEEE Transactions on Knowledge and Data Engineering 36:12 (7483-7496). DOI: 10.1109/TKDE.2024.3436891. Online publication date: Dec-2024
  • (2024) RDGT: Enhancing Group Cognitive Diagnosis With Relation-Guided Dual-Side Graph Transformer. IEEE Transactions on Knowledge and Data Engineering 36:7 (3429-3442). DOI: 10.1109/TKDE.2024.3352640. Online publication date: Jul-2024
  • (2024) Sensitive Behavioral Chain-Focused Android Malware Detection Fused With AST Semantics. IEEE Transactions on Information Forensics and Security 19 (9216-9229). DOI: 10.1109/TIFS.2024.3468891. Online publication date: 2024
  • (2024) K-GetNID: Knowledge-Guided Graphs for Early and Transferable Network Intrusion Detection. IEEE Transactions on Information Forensics and Security 19 (7147-7160). DOI: 10.1109/TIFS.2024.3431932. Online publication date: 2024
  • (2024) PhD Forum: MalFormer001- Multimodal Transformer Fused Attention based Malware Detector. 2024 IEEE International Conference on Smart Computing (SMARTCOMP) (252-253). DOI: 10.1109/SMARTCOMP61445.2024.00059. Online publication date: 29-Jun-2024
  • (2024) LONGAN: Detecting Lateral Movement based on Heterogeneous Graph Neural Networks with Temporal Features. 2024 IEEE Symposium on Computers and Communications (ISCC) (1-6). DOI: 10.1109/ISCC61673.2024.10733661. Online publication date: 26-Jun-2024
  • (2024) Dynamic Graph Representation Learning With Neural Networks: A Survey. IEEE Access 12 (43460-43484). DOI: 10.1109/ACCESS.2024.3378111. Online publication date: 2024
  • (2024) Evolving malware detection through instant dynamic graph inverse reinforcement learning. Knowledge-Based Systems 299 (111991). DOI: 10.1016/j.knosys.2024.111991. Online publication date: Sep-2024
