Malware Detection Based on Graph Attention Networks for Intelligent Transportation Systems


Creative Commons License

Catal C., GÜNDÜZ H. , ÖZCAN A.

ELECTRONICS, vol.10, no.20, 2021 (Journal Indexed in SCI) identifier identifier

  • Publication Type: Article / Article
  • Volume: 10 Issue: 20
  • Publication Date: 2021
  • Doi Number: 10.3390/electronics10202534
  • Title of Journal : ELECTRONICS
  • Keywords: Intelligent Transport Systems, malware detection, API-call graphs, graph embedding, Graph Attention Networks, Node2Vec, VEHICLES

Abstract

Intelligent Transportation Systems (ITS) aim to make transportation smarter, safer, reliable, and environmentally friendly without detrimentally affecting the service quality. ITS can face security issues due to their complex, dynamic, and non-linear properties. One of the most critical security problems is attacks that damage the infrastructure of the entire ITS. Attackers can inject malware code that triggers dangerous actions such as information theft and unwanted system moves. The main objective of this study is to improve the performance of malware detection models using Graph Attention Networks. To detect malware attacks addressing ITS, a Graph Attention Network (GAN)-based framework is proposed in this study. The inputs to this framework are the Application Programming Interface (API)-call graphs obtained from malware and benign Android apk files. During the graph creation, network metrics and the Node2Vec model are utilized to generate the node features. A GAN-based model is combined with different types of node features during the experiments and the performance is compared against Graph Convolutional Network (GCN). Experimental results demonstrated that the integration of the GAN and Node2Vec models provides the best performance in terms of F-measure and accuracy parameters and, also, the use of an attention mechanism in GAN improves the performance. Furthermore, node features generated with Node2Vec resulted in a 3% increase in classification accuracy compared to the features generated with network metrics.