FCGHunter: Towards evaluating robustness of graph-based Android malware detection

Author

Shiwen SONG
Xiaofei XIE
Ruitao FENG
Qi GUO
Sen CHEN

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

2-2026

Abstract

Graph-based detection methods leveraging Function Call Graph (FCG) have shown promise for Android malware detection (AMD) due to their semantic insights. However, the deployment of malware detectors in dynamic and hostile environments raises significant concerns about their robustness. While recent approaches evaluate the robustness of FCG-based detectors using adversarial attacks, their effectiveness is constrained by the vast perturbation space, particularly across diverse models and features. To address these challenges, we introduce FCGHunter, a novel robustness testing framework for FCG-based AMD systems. Specifically, FCGHunter employs innovative techniques to enhance exploration and exploitation within this huge search space. Initially, it identifies critical areas within the FCG related to malware behaviors to narrow down the perturbation space. We then develop a dependency-aware crossover and mutation method to enhance the validity and diversity of perturbations, generating diverse FCGs. Furthermore, FCGHunter leverages multi-objective feedback to select perturbed FCGs, significantly improving the search process with interpretation-based feature change feedback. Extensive evaluations across 40 scenarios demonstrate that FCGHunter achieves an average attack success rate of 87.9%, significantly outperforming baselines by at least 40.9%. Notably, FCGHunter achieves a 100% success rate on robust models (e.g., AdaBoost with MalScan), where baselines achieve less than 24% or are inapplicable.

Keywords

Android Malware Detection, Function Call Graph, Robustness Testing

Discipline

Information Security | Software Engineering

Publication

IEEE Transactions on Software Engineering

Volume

52

Issue

2

First Page

428

Last Page

448

ISSN

0098-5589

Identifier

10.1109/TSE.2025.3626788

Publisher

Institute of Electrical and Electronics Engineers

Citation

SONG, Shiwen; XIE, Xiaofei; FENG, Ruitao; GUO, Qi; and CHEN, Sen. FCGHunter: Towards evaluating robustness of graph-based Android malware detection. (2026). IEEE Transactions on Software Engineering. 52, (2), 428-448.
Available at: https://ink.library.smu.edu.sg/sis_research/11031

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TSE.2025.3626788