Dear all,
We are submitting a paper to the "IFIP SEC" conference this year. If it
is accepted, we will acknowledge SPARTA.
Title: Hybroid: Toward Android Malware Detection and Categorization with
Program Code and Network Traffic
Abstract: Android malicious applications have become so sophisticated
that they can bypass endpoint protection measures. Therefore, it is safe
to admit that traditional anti-malware techniques have become
cumbersome, thereby raising the need to develop efficient ways to detect
Android malware. In this paper, we present Hybroid, a hybrid Android
malware detection and categorization solution that utilizes program code
structures as static behavioral features and network traffic as dynamic
behavioral features for detection (binary classification) and
categorization (multi-label classification). For static analysis, we
introduce a natural language processing-inspired technique based on
function call graph embeddings and design a graph neural network-based
approach to convert the whole graph structure of an Android app to a
vector. In dynamic analysis, we extract network flow features from the
raw network traffic by capturing each application's network flow.
Finally, Hybroid utilizes the network flow features combined with the
graphs' vectors to detect and categorize the malware. Our solution gets
99.6% accuracy on average for malware detection and 97.6% accuracy for
malware categorization.
Best regards,
Mohammad Norouzian
--
Mohammad Reza Norouzian
Lehrstuhl für Sicherheit in der Informatik I20
Institut für Informatik TU München
Boltzmannstr. 3
85748 Garching
Tel. +49 89 289 18584
Fax +49 89 289 18579
e-mail: norouzian(a)sec.in.tum.de
http://www.sec.in.tum.de
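To make the two feature sources in the abstract concrete, here is an added, self-contained sketch of the hybrid feature construction: a function-call graph is turned into a fixed-size vector by hashing method-name tokens into a small embedding and running two rounds of mean neighbourhood aggregation (a minimal stand-in for a graph neural network layer, followed by mean-pooling readout), and that vector is concatenated with per-app network-flow statistics. This is illustration code written for this note, not Hybroid's own implementation; the embedding width, the aggregation rule, the particular flow statistics, the call graph and the flow records are all constructed assumptions.

```python
"""Toy hybrid feature pipeline in the spirit of the Hybroid abstract.
Illustration only: not the paper's code. Graph, flows, embedding width
and the aggregation rule are all constructed assumptions."""
import hashlib
import math

DIM = 8  # embedding width (assumption; the paper's choice is not stated)


def token_embedding(name: str, dim: int = DIM) -> list:
    """Deterministic pseudo-embedding of a fully qualified method name:
    split it into tokens, hash each token into one of 'dim' buckets
    (a bag-of-tokens, NLP-style encoding), then L2-normalise."""
    vec = [0.0] * dim
    for tok in name.replace("/", ".").split("."):
        h = int.from_bytes(hashlib.sha256(tok.encode()).digest()[:4], "big")
        vec[h % dim] += 1.0
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]


def aggregate(graph: dict, feats: dict) -> dict:
    """One message-passing step: each node's new feature is the mean of
    its own feature and its callees' features (unweighted mean
    aggregation, the simplest GNN-like update)."""
    out = {}
    for node, callees in graph.items():
        neigh = [feats[node]] + [feats[c] for c in callees if c in feats]
        out[node] = [sum(col) / len(neigh) for col in zip(*neigh)]
    return out


def graph_vector(graph: dict, hops: int = 2) -> list:
    """Whole-graph vector: initial token embeddings, 'hops' rounds of
    aggregation, then mean-pool over all nodes."""
    feats = {n: token_embedding(n) for n in graph}
    for _ in range(hops):
        feats = aggregate(graph, feats)
    nodes = list(graph)
    return [sum(feats[n][i] for n in nodes) / len(nodes) for i in range(DIM)]


def flow_features(flows: list) -> list:
    """Per-app network-flow statistics (constructed choice of features):
    flow count, distinct destinations, bytes out, bytes in, packets,
    mean duration and the out/in byte ratio."""
    n = len(flows)
    out_b = sum(f["bytes_out"] for f in flows)
    in_b = sum(f["bytes_in"] for f in flows)
    pkts = sum(f["packets"] for f in flows)
    mean_dur = sum(f["duration"] for f in flows) / n
    dests = len({f["dst"] for f in flows})
    return [n, dests, out_b, in_b, pkts, mean_dur, out_b / max(in_b, 1)]


def hybrid_features(graph: dict, flows: list) -> list:
    """Static (graph) vector concatenated with dynamic (flow) features:
    the feature row a downstream classifier would consume."""
    return graph_vector(graph) + flow_features(flows)


# Constructed call graph: every node appears as a key, callees as values.
GRAPH = {
    "com.example.app.MainActivity.onCreate": [
        "com.example.app.Net.send",
        "android.telephony.TelephonyManager.getDeviceId",
    ],
    "com.example.app.Net.send": ["java.net.Socket.connect"],
    "android.telephony.TelephonyManager.getDeviceId": [],
    "java.net.Socket.connect": [],
}

# Constructed flow records (documentation-range addresses).
FLOWS = [
    {"dst": "203.0.113.10", "bytes_out": 1200, "bytes_in": 300, "packets": 12, "duration": 2.0},
    {"dst": "203.0.113.10", "bytes_out": 800, "bytes_in": 200, "packets": 8, "duration": 1.0},
    {"dst": "198.51.100.7", "bytes_out": 400, "bytes_in": 4000, "packets": 20, "duration": 3.0},
]

if __name__ == "__main__":
    row = hybrid_features(GRAPH, FLOWS)
    print(f"{len(row)} features: graph part {row[:DIM]}, flow part {row[DIM:]}")
```

The graph part is deliberately a fixed-size vector regardless of how many methods the app has, which is the property that lets it be concatenated with the flow statistics into one row per app; a real system would replace the hashed token embedding and mean aggregation with learned ones.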