Detecting Android malware: A multimodal fusion method with fine-grained feature.

Detailed bibliography
Title: Detecting Android malware: A multimodal fusion method with fine-grained feature.
Authors: Li, Xun1,2 (AUTHOR), Liu, Lei1,3 (AUTHOR), Liu, Yuzhou1,3 (AUTHOR) liuyuzhou@jlu.edu.cn, Liu, Huaxiao1,3 (AUTHOR)
Source: Information Fusion. Feb2025, Vol. 114, pN.PAG-N.PAG. 1p.
Subjects: *FEATURE extraction, *BINARY codes, *PROGRAMMING languages, *SOURCE code, *DEEP learning, *MULTIMODAL user interfaces
Abstract: Context: Recently, many studies have been proposed to address the threat posed by Android malware. However, the continuous evolution of malware poses challenges to the task of representing application features in current detection methods. Objective: This paper introduces a novel Android malware detection approach based on the source code and binary code of software by leveraging large pre-trained models with a fine-grained multimodal fusion strategy. Method: Specifically, the approach treats the source code and binary code as the programming language modality (PM) and machine language modality (MM), respectively. Then, domain-specific knowledge (sensitive API) combined with large pre-trained model is further applied to extract PM features; while the binary code is transformed into RGB images, from which MM features are extracted using a pre-trained image processing model. Furthermore, a fine-grained fusion strategy is implemented using a multi-head self-attention mechanism to effectively capture the correlations among features across different modalities and generate comprehensive features for application malware detection. Results and Conclusion: The detection performance and generalization ability of the proposed method were validated on two experimental datasets. The results demonstrate that our method can accurately distinguish malware, achieving an accuracy of 98.28% and an F1-score of 98.66%. Additionally, it performs well on unseen data, with an accuracy of 92.86% and an F1-score of 94.49%. Meanwhile, ablation experiments confirm the contributions of sensitive API knowledge and the fine-grained multimodal fusion strategy to the success of malware detection. • The study detects Android malware by fusing information in source and binary code. • Large pre-trained model is used with task-specific knowledge for feature analysis. • A fine-grained feature fusion strategy is designed for describing software. [ABSTRACT FROM AUTHOR]
Database: Academic Search Index
Description
ISSN: 15662535
DOI: 10.1016/j.inffus.2024.102662