VOLTRON: Detecting Unknown Malware Using Graph-Based Zero-Shot Learning

TL;DR

This paper presents VOLTRON, a novel zero-shot learning framework combining graph auto-encoders and Siamese networks to detect unknown Android malware without prior examples, outperforming existing methods in zero-day detection.

Contribution

The paper introduces a new graph-based zero-shot learning approach for malware detection that does not require labeled data for new malware families, enhancing detection of emerging threats.

Findings

Achieves 96.24% accuracy in detecting unknown malware

Outperforms state-of-the-art MaMaDroid in zero-day detection

Demonstrates robustness against evolving Android malware threats

Abstract

The persistent threat of Android malware presents a serious challenge to the security of millions of users globally. While many machine learning-based methods have been developed to detect these threats, their reliance on large labeled datasets limits their effectiveness against emerging, previously unseen malware families, for which labeled data is scarce or nonexistent. To address this challenge, we introduce a novel zero-shot learning framework that combines Variational Graph Auto-Encoders (VGAE) with Siamese Neural Networks (SNN) to identify malware without needing prior examples of specific malware families. Our approach leverages graph-based representations of Android applications, enabling the model to detect subtle structural differences between benign and malicious software, even in the absence of labeled data for new threats. Experimental results show that our method outperforms the state-of-the-art MaMaDroid, especially in zero-day malware detection. Our model achieves 96.24% accuracy and 95.20% recall for unknown malware families, highlighting its robustness against evolving Android threats.