Research on Android Malware Detection Model Based on Multi-modal Feature Fusion

doi:10.19678/j.issn.1000-3428.0070175

Abstract

Abstract:

Owing to the heterogeneity and complexity of Android malware, traditional static analysis methods that rely on single features such as permissions or API often struggle to accurately differentiate between benign and malicious applications. To address this limitation, this study proposes a novel feature construction method based on multi-modal feature fusion based on in-depth research of Android software features such as permissions, API, bytecodes, and opcodes. The bytecode is transformed into RGB images and visual representations are extracted using the pretrained EfficientNetV2B3 model to capture the high-level characteristics of Android applications. Additionally, Locality-Sensitive Hashing (LSH) is employed to extract opcode sequence features that represent low-level, detailed characteristics of the application. These heterogeneous features are then fused using a Multimodal Factorized Bilinear pooling (MFB) algorithm to create a more discriminative representation of the malware. Building on this enhanced feature representation, a Transformer Encoder-based Android Anomaly Detection (TEAAD) model is introduced. By leveraging the transformer architecture, the TEAAD effectively learns to detect anomalies in Android malware. The experimental results demonstrate that the TEAAD model based on fused features outperforms other deep-learning models, achieving a detection accuracy of 96.87%. The MFB feature fusion method exhibits superior malware identification capabilities compared with other research methods.

Key words: Android malware, pre-trained model, Locality-Sensitive Hashing (LSH), feature fusion, deep learning

摘要：

针对Android恶意软件种类和结构繁杂不一、单一静态特征难以区分良性和恶意软件的问题, 在深入研究Android软件的权限、API、字节码、操作码等特征的基础上, 提出一种基于多模态特征融合的构建方法。将字节码转换为RGB图像, 通过预训练模型EfficientNetV2B3提取字节码图像特征, 以表征Android应用的整体特性。利用局部敏感哈希(LSH)算法提取操作码序列特征, 以表征Android应用的细节特性。采用多模态分解双线性池化(MFB)融合算法对字节码图像特征和操作码序列特征进行融合, 实现2种特征数据的异质互补, 以得到更具区分度的静态特征。在此基础上, 提出一种基于Transformer的Android恶意软件检测模型(TEAAD)。实验结果表明, 基于融合特征的TEAAD模型优于其他深度模型, 检测准确率达到96.87%, MFB特征融合方法相较于其他方法具有更高的恶意软件识别能力。

关键词: Android恶意软件, 预训练模型, 局部敏感哈希, 特征融合, 深度学习

ZHANG Zhi, YIN Yukai, SUN Yiling, MENG Wenjing, PENG Chang. Research on Android Malware Detection Model Based on Multi-modal Feature Fusion[J]. Computer Engineering, 2026, 52(3): 243-254.

张志, 尹昱凯, 孙奕灵, 孟雯锦, 彭畅. 基于多模态特征融合的Android恶意软件检测模型研究[J]. 计算机工程, 2026, 52(3): 243-254.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0070175

https://www.ecice06.com/EN/Y2026/V52/I3/243

Figures/Tables 21

Fig.1 Transformer architecture

Fig.2 Research framework in this paper

Fig.3 Android APK file preprocessing process

Fig.4 Extraction process of permissions and other combination feature

Fig.5 The process of converting DEX files into bytecode images

Fig.6 Bytecode image feature extraction process

Fig.7 Operation code sequence extraction process

Fig.8 MFB model structure

Fig.9 TEAAD model structure

Fig.10 Process of mapping opcode sequence to signature vector

Fig.11 Training process of TEAAD model on different datasets

Fig.12 Training process of TEAAD model on different datasets

References 26

1	G DATA. G DATA mobile security report: more than 2.5 million new malware Apps for Android devices[EB/OL]. [2024-05-05]. https://presse.gdata.de/news-g-data-mobile-security-report-more-than-25-million-new-malware-apps-for-android-devices-id=163592&menueid=28982&l=english.
2	360互联网安全中心. 2022年上半年度中国手机安全状况报告[EB/OL]. [2024-05-05]. https://pop.shouji.360.cn/safe_report/Mobile-Security-Report-202206.pdf.
	360 Internet Security Center. China mobile security status report for the first half of 2022[EB/OL]. [2024-05-05]. https://pop.shouji.360.cn/safe_report/Mobile-Security-Report-202206.pdf. (in Chinese)
3	DOǦRU A , ÖNDER M . AppPerm analyzer: malware detection system based on Android permissions and permission groups. International Journal of Software Engineering and Knowledge Engineering, 2020, 30 (3): 427- 450. doi: 10.1142/S0218194020500175
4	ZOU D Q , WU Y M , YANG S R , et al. IntDroid: Android malware detection based on API intimacy analysis. ACM Transactions on Software Engineering and Methodology, 2021, 30 (3): 1- 32.
5	ALAZAB M , ALAZAB M , SHALAGINOV A , et al. Intelligent mobile malware detection using permission requests and API calls. Future Generation Computer Systems, 2020, 107, 509- 521. doi: 10.1016/j.future.2020.02.002
6	MERCALDO F , SANTONE A . Formal equivalence checking for mobile malware detection and family classification. IEEE Transactions on Software Engineering, 2022, 48 (7): 2643- 2657. doi: 10.1109/TSE.2021.3067061
7	CAI M H , JIANG Y , GAO C Y , et al. Learning features from enhanced function call graphs for Android malware detection. Neurocomputing, 2021, 423, 301- 307. doi: 10.1016/j.neucom.2020.10.054
8	QIU J Y , HAN Q L , LUO W , et al. Cyber code intelligence for Android malware detection. IEEE Transactions on Cybernetics, 2023, 53 (1): 617- 627. doi: 10.1109/TCYB.2022.3164625
9	DURAISAMY SOUNDRAPANDIAN P , SUBBIAH G . MULBER: effective Android malware clustering using evolutionary feature selection and mahalanobis distance metric. Symmetry, 2022, 14 (10): 2221. doi: 10.3390/sym14102221
10	孙敏, 成倩, 丁希宁. 基于CBAM-CGRU-SVM的Android恶意软件检测方法. 计算机应用, 2024, 44 (5): 1539- 1545.
	SUN M , CHENG Q , DING X N . CBAM-CGRU-SVM based malware detection method for Android. Journal of Computer Applications, 2024, 44 (5): 1539- 1545.
11	YADAV P , MENON N , RAVI V , et al. EfficientNet convolutional neural networks-based Android malware detection. Computers & Security, 2022, 115, 102622.
12	王海宽, 原锦明. 基于Swin-Transformer的可视化安卓恶意软件检测研究. 吉林大学学报(信息科学版), 2024, 42 (2): 339- 347.
	WANG H K , YUAN J M . Research on visual Android malware detection based on Swin-Transformer. Journal of Jilin University (Information Science Edition), 2024, 42 (2): 339- 347.
13	SENEVIRATNE S , SHARIFFDEEN R , RASNAYAKA S , et al. Self-supervised vision transformers for malware detection. IEEE Access, 2022, 10, 103121- 103135. doi: 10.1109/ACCESS.2022.3206445
14	李佳琳, 王雅哲, 罗吕根, 等. 面向安卓恶意软件检测的对抗攻击技术综述. 信息安全学报, 2021, 6 (4): 28- 43.
	LI J L , WANG Y Z , LUO L G , et al. A survey of adversarial attack techniques for Android malware detection. Journal of Cyber Security, 2021, 6 (4): 28- 43.
15	JAFARI O, MAURYA P, NAGARKAR P, et al. A survey on locality sensitive hashing algorithms and their applications[EB/OL]. [2024-05-05]. https://arXivpreprintarXiv:2102.08942.
16	WU W , LI B , CHEN L , et al. A review for weighted MinHash algorithms. IEEE Transactions on Knowledge and Data Engineering, 2022, 34 (6): 2553- 2573.
17	YU Z, YU J, FAN J P, et al. Multi-modal factorized bilinear pooling with co-attention learning for visual question answering[C]//Proceedings of the IEEE International Conference on Computer Vision (ICCV). Washington D.C., USA: IEEE Press, 2017: 1839-1848.
18	VASWANI A, SHAZEER N, PARMAR N, et al. Attention is all you need[EB/OL]. [2024-05-05]. https://arxiv.org/abs/1706.03762.
19	MNIH V, HEESS N, GRAVES A, et al. Recurrent models of visual attention[C]//Proceedings of the 28th International Conference on Neural Information Processing Systems. New York, USA: ACM Press, 2014: 2204-2212.
20	刘建伟, 刘俊文, 罗雄麟. 深度学习中注意力机制研究进展. 工程科学学报, 2021, 43 (11): 1499- 1511.
	LIU J W , LIU J W , LUO X L . Research progress in attention mechanism in deep learning. Chinese Journal of Engineering, 2021, 43 (11): 1499- 1511.
21	LI J , SUN L C , YAN Q B , et al. Significant permission identification for machine-learning-based Android malware detection. IEEE Transactions on Industrial Informatics, 2018, 14 (7): 3216- 3225. doi: 10.1109/TII.2017.2789219
22	YUAN W , JIANG Y , LI H , et al. A lightweight on-device detection method for Android malware. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2021, 51 (9): 5600- 5611. doi: 10.1109/TSMC.2019.2958382
23	TAN M X, LE Q V. EfficientNet: rethinking model scaling for convolutional neural networks[EB/OL]. [2024-05-05]. https://arxiv.org/abs/1905.11946.
24	Canadian Institute for Cybersecurity. Android malware dataset (CICMalDroid-2020)[EB/OL]. [2024-05-05]. https://www.unb.ca/cic/datasets/maldroid-2020.html.
25	The Drebin dataset[EB/OL]. [2024-05-05]. https://drebin.mlsec.org/.
26	范铭, 刘烃, 刘均, 等. 安卓恶意软件检测方法综述. 中国科学(信息科学), 2020, 50 (8): 1148- 1177.
	FAN M , LIU T , LIU J , et al. Android malware detection: a survey. Scientia Sinica (Informationis), 2020, 50 (8): 1148- 1177.

[1]	ZHANG Yonghong, SUN Shulin, GONG Meng, WANG Junfei, MA Guangyi. Remote Sensing Cloud Image Prediction Method Based on Multi-scale Motion Memory Model [J]. Computer Engineering, 2026, 52(3): 128-140.
[2]	SUN Wei, CHEN Junjie. MF-cache: CLIP-Based Multimodal Cache Model for Maize Disease Recognition [J]. Computer Engineering, 2026, 52(3): 420-428.
[3]	WANG Renshuai, YANG Kuiwu, CHEN Yue, WANG Wen, WEI Jianghong. Survey of Deep Learning Backdoor Attack on Image Data [J]. Computer Engineering, 2026, 52(3): 62-78.
[4]	WU Xuesong, CHEN Yuanyuan, ZHOU Tao. Adaptive No-Reference Image Quality Assessment Based on Multi-Scale Pyramid Pooling [J]. Computer Engineering, 2026, 52(3): 107-118.
[5]	LIU Xiaoyu, LIAO Zhifang, TAN Sui, YU Zhiwu. Bridge Dynamic Strain Prediction Based on Stacked GRU Neural Network [J]. Computer Engineering, 2026, 52(3): 441-450.
[6]	CAO Jiwei, LUO Fei, DING Weichao. BS-YOLO: A Small Object Detection Algorithm Based on BSAM Attention Mechanism and SCConv [J]. Computer Engineering, 2026, 52(3): 119-127.
[7]	CHEN Guolian, FENG Ziyang, CAO Junkuo. Research on Cyberbullying Detection Based on Multimodal Spatial Feature Fusion [J]. Computer Engineering, 2026, 52(3): 255-263.
[8]	TANG Ke, WEI Feiming, LI Dongying, YU Wenxian. Lightweight Target Detection Algorithm for UAV Images Based on Improved YOLOv8 [J]. Computer Engineering, 2026, 52(3): 97-106.
[9]	QIN Yingxin, ZHANG Kejia, PAN Haiwei, JU Yahao. Adversarial Attacks in Computer Vision: A Survey [J]. Computer Engineering, 2026, 52(2): 46-68.
[10]	SUN Yuan, WANG Kangping, ZHAO Mingbo. Clothing Retrieval Based on Multiple Prompts and Contrastive Image-Text Learning [J]. Computer Engineering, 2026, 52(2): 322-330.
[11]	WANG Qingrong, HAO Fule, ZHU Changfeng, WANG Junjie. Research on Vehicle Trajectory Prediction Based on Multifeature Fusion [J]. Computer Engineering, 2026, 52(2): 331-341.
[12]	LIU Chang, LIANG Bingxue, TIAN Rongkun, QIN Yuhua. Medical and Health Question Classification Based on Multi-feature Fusion and Hybrid Neural Network [J]. Computer Engineering, 2026, 52(2): 342-355.
[13]	YANG Yuxue, HE Tian, FAN Jinghang, LIU Ruiying, LI Teng. Research on Cross-Modal Image-Text Retrieval Based on Cross Attention and Feature Aggregation [J]. Computer Engineering, 2026, 52(2): 311-321.
[14]	LI Dongfeng, CHEN Yuren, YU Bo. Pavement Crack Detection Method Based on Multi-Level Feature Fusion [J]. Computer Engineering, 2026, 52(1): 154-165.
[15]	LIU Jie, HUANG Xiaohui, GUO Jingbo. Lightweight Field Cotton Grade Detection Based on YOLOv8 [J]. Computer Engineering, 2026, 52(1): 400-413.

Please choose a citation manager

Content to export