A Comparative Evaluation Framework for Image and Graph Representations in Android Malware Detection and Classification
MSc Thesis Defense by: Nour Elkott
Date: Tuesday, February 10th, 2026
Time: 11:30 AM
Location: Teams Meeting
https://teams.microsoft.com/meet/23881009537453?p=ICyqOOhSeuUGH0s67U
Abstract:
To address the growing challenge of Android malware detection and classification in the presence of obfuscation, polymorphism, and evasion techniques, this thesis proposes a comparative evaluation framework based on two complementary static representations derived from Android malware bytecode. An Android Package Kit (APK) is analyzed to extract the classes.dex file and generate (i) semantically structured RGB images and (ii) structural Function Call Graphs (FCGs). Deep learning models are trained independently on each representation, using CNNs for image-based and GNNs for graph-based detection and classification. All models are evaluated under identical experimental conditions using a curated subset of the MalNet dataset consisting of 39,245 samples across nine malware types and 96 malware families. To assess interpretability, the framework integrates representation-specific explainable AI techniques.
The results show that both representations capture meaningful discriminative patterns of malware behaviour, with stronger performance at the malware type level than at the finer-grained family level due to increased similarity among families. The explainability analyses further demonstrate that model decisions are driven by coherent semantic and structural characteristics rather than spurious correlations.
Thesis Committee:
External Reader: Dr. Esraa Abdelhalim
Internal Reader: Dr. Boubakeur Boufama
Co-Advisor: Dr. Mohammad Mamun
Co-Advisor: Dr. Sherif Saad
Chair: Dr. Xiaobu Yuan