The School of Computer Science is pleased to present…
A Hybrid Framework for Android Malware Detection and Classification using Graph and Image Representations of APKs
MSc Thesis Proposal by: Nour Elkott
Date: Monday, May 26, 2025
Time: 1:30 PM
Location: Essex Hall 122
Traditional malware detection methods have become inadequate against new malware that uses sophisticated evasion techniques. Hybrid approaches that combine multiple modalities, such as analysis methods, mechanisms, or representations, are promising alternatives. However, these hybrid approaches often lack interpretability, which is a critical requirement for malware analysis in real-world deployments.
We propose a hybrid Android malware detection and classification framework that uses graph and image representations of APK files for analysis. The proposed methodology transforms APK files into two distinct representations: a Function Call Graph (FCG) to represent the inter-procedural calls between functions, and an image representation derived from the DEX bytecode to represent the binary structure and operational signature of the Android application. The framework runs parallel detection models on these representations, which first determine whether the application is benign or malicious. If it is found to be malicious, malware classifiers for each representation then classify it into a specific malware type and its corresponding malware family. Additionally, Explainable AI (XAI) techniques, such as GNNExplainer for graph representations and SHAP for image representations, give users insight into which specific features trigger the malware detection and classification results.
This approach addresses current limitations by combining structural and visual analysis of malware while providing interpretability for security analysts. Our current proof-of-concept implementation is trained on approximately 5,400 malicious samples from the MalNet dataset to demonstrate the framework's potential. Future work will focus on training the framework on the full 1.2 million samples in the MalNet dataset and implementing code-level traceability of the malicious features identified by the XAI techniques.
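As an added illustration of the image representation described above (not code from the thesis or from the MalNet project): one way to lay a DEX file's bytes out as a grayscale image after checking the header's magic, `file_size` field and Adler-32 checksum, so truncated or altered files are rejected before they reach a model. The width table, zero padding, PGM output and the constructed sample file are assumptions.

```python
import struct
import zlib

HEADER_SIZE = 0x70  # size of the standard DEX header

def pick_width(size: int) -> int:
    """Image width by file size (assumed table, common in malware-image work)."""
    table = ((10, 32), (30, 64), (60, 128), (100, 256),
             (200, 384), (500, 512), (1000, 768))
    for limit_kib, width in table:
        if size < limit_kib * 1024:
            return width
    return 1024

def dex_to_rows(data: bytes) -> list:
    """Validate a single DEX file, then return its bytes as rows of 8-bit pixels."""
    if len(data) < HEADER_SIZE or not data.startswith(b"dex\n"):
        raise ValueError("not a DEX file")
    (checksum,) = struct.unpack_from("<I", data, 8)
    (file_size,) = struct.unpack_from("<I", data, 32)
    if file_size != len(data):
        raise ValueError("file_size field disagrees with actual length")
    # The checksum covers everything after the magic and the checksum itself.
    if zlib.adler32(data[12:]) != checksum:
        raise ValueError("Adler-32 mismatch: truncated or modified file")
    width = pick_width(len(data))
    padded = data + bytes(-len(data) % width)  # zero-pad the last row
    return [padded[i:i + width] for i in range(0, len(padded), width)]

def to_pgm(rows: list) -> bytes:
    """Serialise the rows as a binary PGM (P5) grayscale image."""
    return b"P5\n%d %d\n255\n" % (len(rows[0]), len(rows)) + b"".join(rows)

def make_sample_dex(payload: bytes) -> bytes:
    """Constructed input: DEX-style header plus filler bytes, not a real app."""
    size = HEADER_SIZE + len(payload)
    body = (bytes(20)  # SHA-1 signature field, left zero and not checked here
            + struct.pack("<III", size, HEADER_SIZE, 0x12345678)
            + bytes(HEADER_SIZE - 44) + payload)
    return b"dex\n035\0" + struct.pack("<I", zlib.adler32(body)) + body

if __name__ == "__main__":
    rows = dex_to_rows(make_sample_dex(bytes(range(256)) * 4))
    print(len(rows[0]), "x", len(rows))
```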
Internal Reader: Dr. Dima Alhadidi
External Reader: Dr. Esraa Abdelhalim
Co-Advisor: Dr. Sherif Saad Ahmed
Co-Advisor: Dr. Mohammed Mamun