English

Better Call Graphs: A New Dataset of Function Call Graphs for Malware Classification

Cryptography and Security 2025-12-25 v1 Machine Learning

Abstract

Function call graphs (FCGs) have emerged as a powerful abstraction for malware detection, capturing the behavioral structure of applications beyond surface-level signatures. Their utility in traditional program analysis has been well established, enabling effective classification and analysis of malicious software. In the mobile domain, especially in the Android ecosystem, FCG-based malware classification is particularly critical due to the platform's widespread adoption and the complex, component-based structure of Android apps. However, progress in this direction is hindered by the lack of large-scale, high-quality Android-specific FCG datasets. Existing datasets are often outdated, dominated by small or redundant graphs resulting from app repackaging, and fail to reflect the diversity of real-world malware. These limitations lead to overfitting and unreliable evaluation of graph-based classification methods. To address this gap, we introduce Better Call Graphs (BCG), a comprehensive dataset of large and unique FCGs extracted from recent Android application packages (APKs). BCG includes both benign and malicious samples spanning various families and types, along with graph-level features for each APK. Through extensive experiments using baseline classifiers, we demonstrate the necessity and value of BCG compared to existing datasets. BCG is publicly available at https://erdemub.github.io/BCG-dataset.

Keywords

Cite

@article{arxiv.2512.20872,
  title  = {Better Call Graphs: A New Dataset of Function Call Graphs for Malware Classification},
  author = {Jakir Hossain and Gurvinder Singh and Lukasz Ziarek and Ahmet Erdem Sarıyüce},
  journal= {arXiv preprint arXiv:2512.20872},
  year   = {2025}
}
R2 v1 2026-07-01T08:39:27.263Z