SAC: Collaborative learning of structure and content features for Android malware detection framework

With the rapid development of Internet of Things (IoT) technology, Android devices have increasingly become primary targets for malware attacks. Although significant research has been conducted in the field of malware detection, existing methods still face challenges when dealing with complex sample...

Full description

Saved in:
Bibliographic Details
Published in:Neurocomputing (Amsterdam) Vol. 637; p. 130053
Main Authors: Yang, Jin, Liang, Huijia, Ren, Hang, Jia, Dongqing, Wang, Xin
Format: Journal Article
Language:English
Published: Elsevier B.V 07.07.2025
Subjects:
Android
Convolutional neural network
Deep learning
Graph convolutional network
Malware detection
Deep learning
Graph convolutional network
Malware detection
Convolutional neural network
Android
ISSN:0925-2312
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the rapid development of Internet of Things (IoT) technology, Android devices have increasingly become primary targets for malware attacks. Although significant research has been conducted in the field of malware detection, existing methods still face challenges when dealing with complex samples. In particular, a more comprehensive analysis is required in the domain of feature extraction. To enhance the accuracy of malware detection, we propose the SAC framework. This method utilizes Dalvik Executable (DEX) files as the data source and achieves deep integration of multi-view features by collaboratively modeling image and graph data types. Specifically, to accurately capture the local features of malware and improve the identification of critical behavioral patterns, we designed a task-oriented convolutional neural network (CNN) named IFNeXt, which integrates visualization analysis with an inverted bottleneck structure. Furthermore, we introduced a dual-channel graph convolutional network (GCN) that models the hierarchical structure of bytecode as a directed graph, capturing the co-occurrence relationships and semantic similarities between method calls. This approach enables a deeper exploration of the global structural features of malware. The SAC framework fully leverages the complementary advantages of image and graph data structures, providing a more comprehensive characterization of malware features from both content and structural perspectives. Experimental results demonstrate that our method achieves a detection accuracy of 99.43% on multiple real-world public datasets, significantly outperforming existing state-of-the-art detection techniques. This indicates the potential and innovation of our approach in enhancing the security of the Android platform.
ISSN:0925-2312
DOI:10.1016/j.neucom.2025.130053