<p>Dynamic malware detection for Android applications presents a significant challenge due to the high processing costs associated with runtime behavior analysis. These costs are further amplified in multi-view models, which extract and process features from multiple behavioral perspectives such as network, system, and file activities. Addressing this challenge is required to ensure accurate yet lightweight detection mechanisms suitable for deployment in mobile devices. In this paper, we propose a novel Android dynamic malware detection model implemented in two phases: a time-window-based feature extraction mechanism and a multi-view classification strategy. The first phase segments application execution into short intervals, enabling low-latency and lightweight feature extraction. The second phase applies an ensemble of classifiers across different views, combining their outputs through majority voting to enhance detection accuracy without incurring additional overhead. We evaluate our approach using a newly constructed dataset composed of 4,128 APKs, including benign and malware samples from nine families. Our results show that the proposed method significantly improves classification performance, increasing AUC by up to 0.06 compared to traditional single-view approaches. Furthermore, we demonstrate that increasing the feature extraction time window benefits accuracy across all views while maintaining the model’s suitability for lightweight execution.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Lightweight multi-view dynamic android malware detection via time-windowed feature extraction

  • Ivson Ferreira,
  • João Victor O. de Oliveira,
  • Fernando Purkott,
  • Jhonatan Geremias,
  • Eduardo K. Viegas

摘要

Dynamic malware detection for Android applications presents a significant challenge due to the high processing costs associated with runtime behavior analysis. These costs are further amplified in multi-view models, which extract and process features from multiple behavioral perspectives such as network, system, and file activities. Addressing this challenge is required to ensure accurate yet lightweight detection mechanisms suitable for deployment in mobile devices. In this paper, we propose a novel Android dynamic malware detection model implemented in two phases: a time-window-based feature extraction mechanism and a multi-view classification strategy. The first phase segments application execution into short intervals, enabling low-latency and lightweight feature extraction. The second phase applies an ensemble of classifiers across different views, combining their outputs through majority voting to enhance detection accuracy without incurring additional overhead. We evaluate our approach using a newly constructed dataset composed of 4,128 APKs, including benign and malware samples from nine families. Our results show that the proposed method significantly improves classification performance, increasing AUC by up to 0.06 compared to traditional single-view approaches. Furthermore, we demonstrate that increasing the feature extraction time window benefits accuracy across all views while maintaining the model’s suitability for lightweight execution.