Journal article
FCGHUNTER: Towards Evaluating Robustness of Graph-Based Android Malware Detection
IEEE transactions on software engineering, Vol.52(2), pp.428-448
02/2026
Metrics
1 Record Views
Abstract
Graph-based detection methods leveraging Function Call Graph (FCG) have shown promise for Android malware detection (AMD) due to their semantic insights. However, the deployment of malware detectors in dynamic and hostile environments raises significant concerns about their robustness. While recent approaches evaluate the robustness of FCG-based detectors using adversarial attacks, their effectiveness is constrained by the vast perturbation space, particularly across diverse models and features. To address these challenges, we introduce FCGHUNTER, a novel robustness testing framework for FCG-based AMD systems. Specifically, FCGHUNTER employs innovative techniques to enhance exploration and exploitation within this huge search space. Initially, it identifies critical areas within the FCG related to malware behaviors to narrow down the perturbation space. We then develop a dependency-aware crossover and mutation method to enhance the validity and diversity of perturbations, generating diverse FCGs. Furthermore, FCGHUNTER leverages multi-objective feedback to select perturbed FCGs, significantly improving the search process with interpretation-based feature change feedback. Extensive evaluations across 40 scenarios demonstrate that FCGHUNTER achieves an average attack success rate of 87.9%, significantly outperforming baselines by at least 40.9%. Notably, FCGHUNTER achieves a 100% success rate on robust models (e.g., AdaBoost with MalScan), where baselines achieve less than 24% or are inapplicable.
Details
- Title
- FCGHUNTER: Towards Evaluating Robustness of Graph-Based Android Malware Detection
- Creators
- Shiwen Song - Singapore Management UniversityXiaofei Xie - Singapore Management UniversityRuitao Feng - Southern Cross UniversityQi Guo - Tianjin UniversitySen Chen - Nankai University
- Publication Details
- IEEE transactions on software engineering, Vol.52(2), pp.428-448
- Publisher
- IEEE
- Number of pages
- 21
- Grant note
- Cyber Security Agency under its National Cybersecurity R#x0026;D Programme: NCRP25-P04-TAICeN National Research Foundation Singapore: 10.13039/501100001381 Ministry of Education, Singapore under its Academic Research Fund Tier 2: T2EP20223-0043
This work was supported in part by the National ResearchFoundation, Singapore, in part by the Cyber Security Agency under itsNational Cybersecurity RD Programme (NCRP25-P04-TAICeN), and in part by the Ministry ofEducation, Singapore under its Academic Research Fund Tier 2 (ProposalID: T2EP20223-0043).
- Identifiers
- 991013330022402368
- Academic Unit
- Faculty of Science and Engineering
- Language
- English
- Resource Type
- Journal article