SAC: Collaborative learning of structure and content features for Android malware detection framework

With the rapid development of Internet of Things (IoT) technology, Android devices have increasingly become primary targets for malware attacks. Although significant research has been conducted in the field of malware detection, existing methods still face challenges when dealing with complex sample...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Neurocomputing (Amsterdam) Ročník 637; s. 130053
Hlavní autori: Yang, Jin, Liang, Huijia, Ren, Hang, Jia, Dongqing, Wang, Xin
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Elsevier B.V 07.07.2025
Predmet:
Android
Convolutional neural network
Deep learning
Graph convolutional network
Malware detection
Deep learning
Graph convolutional network
Malware detection
Convolutional neural network
Android
ISSN:0925-2312
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:With the rapid development of Internet of Things (IoT) technology, Android devices have increasingly become primary targets for malware attacks. Although significant research has been conducted in the field of malware detection, existing methods still face challenges when dealing with complex samples. In particular, a more comprehensive analysis is required in the domain of feature extraction. To enhance the accuracy of malware detection, we propose the SAC framework. This method utilizes Dalvik Executable (DEX) files as the data source and achieves deep integration of multi-view features by collaboratively modeling image and graph data types. Specifically, to accurately capture the local features of malware and improve the identification of critical behavioral patterns, we designed a task-oriented convolutional neural network (CNN) named IFNeXt, which integrates visualization analysis with an inverted bottleneck structure. Furthermore, we introduced a dual-channel graph convolutional network (GCN) that models the hierarchical structure of bytecode as a directed graph, capturing the co-occurrence relationships and semantic similarities between method calls. This approach enables a deeper exploration of the global structural features of malware. The SAC framework fully leverages the complementary advantages of image and graph data structures, providing a more comprehensive characterization of malware features from both content and structural perspectives. Experimental results demonstrate that our method achieves a detection accuracy of 99.43% on multiple real-world public datasets, significantly outperforming existing state-of-the-art detection techniques. This indicates the potential and innovation of our approach in enhancing the security of the Android platform.
ISSN:0925-2312
DOI:10.1016/j.neucom.2025.130053