Research on Android Malware Detection Model Based on Multi-modal Feature Fusion

Owing to the heterogeneity and complexity of Android malware, traditional static analysis methods that rely on single features such as permissions or API often struggle to accurately differentiate between benign and malicious applications. To address this limitation, this study proposes a novel feature construction method based on multi-modal feature fusion based on in-depth research of Android software features such as permissions, API, bytecodes, and opcodes. The bytecode is transformed into RGB images and visual representations are extracted using the pretrained EfficientNetV2B3 model to capture the high-level characteristics of Android applications. Additionally, Locality-Sensitive Hashing (LSH) is employed to extract opcode sequence features that represent low-level, detailed characteristics of the application. These heterogeneous features are then fused using a Multimodal Factorized Bilinear pooling (MFB) algorithm to create a more discriminative representation of the malware. Building on this enhanced feature representation, a Transformer Encoder-based Android Anomaly Detection (TEAAD) model is introduced. By leveraging the transformer architecture, the TEAAD effectively learns to detect anomalies in Android malware. The experimental results demonstrate that the TEAAD model based on fused features outperforms other deep-learning models, achieving a detection accuracy of 96.87%. The MFB feature fusion method exhibits superior malware identification capabilities compared with other research methods.