Journal article
Beyond decision: Android malware description generation through profiling malicious behavior trajectory
ACM transactions on software engineering and methodology, Vol.First online, pp.1-38
31/01/2025
Abstract
Malware family labels and key features used for the decision-making of Android malware detection models fall short of precise comprehension of malicious behaviors due to their coarse granularity. To solve these problems, in this paper, we first introduce the concept of the malicious behavior trajectory (MBT) and propose an innovative approach called ProMal. ProMal aims to automatically generate malware descriptions with fine granularity through extracted MBTs from malware for users. Specifically, a labeled dataset of MBTs is constructed through substantial human efforts to build a behavioral knowledge graph (BxKG). The BxKG is scalable and can be automatically updated using two strategies to ensure its completeness and timeliness: 1) taking into consideration the evolution of Android SDKs, and 2) mining new MBTs by leveraging the widely-used malware datasets. We highlight that the knowledge graph is essential in ProMal, which can reason new MBTs based on existing MBTs because of its structured data representation and semantic relation modeling, and thus helps effectively extract real MBTs in Android malware. We evaluated ProMal on a recent malware dataset where researcher-crafted malware descriptions are available, and the Precision, Recall, and F1-Score of MBT identification based on BxKG reached 96.97%, 91.43%, and 0.94, respectively, outperforming the state-of-the-art approaches. Taking MBTs identified from Android malware as inputs, precise, fine-grained, and human-readable descriptions can be generated using the large language model, whose readability and usability are verified through a user study. The generated descriptions play a significant role in interpreting and comprehending malware behaviors.
Details
- Title
- Beyond decision: Android malware description generation through profiling malicious behavior trajectory
- Creators
- Chunlian Wu - Tianjin University; Sen Chen - Nankai University; Jiaming Li - Tianjin University; Renchao Chai - Tianjin University; Lingling Fan - Nankai University; Xiaofei Xie - Singapore Management University; Ruitao Feng - Southern Cross University
- Publication Details
- ACM transactions on software engineering and methodology, Vol.First online, pp.1-38
- Publisher
- ACM
- Identifiers
- 991013257063502368
- Copyright
- © 2025 Copyright held by the owner/author(s).
- Academic Unit
- Faculty of Science and Engineering
- Language
- English
- Resource Type
- Journal article