Enhanced Malware Detection Model Driven by Multi-modal Feature Fusion
First published: 2025-02-25
Abstract: To address insufficient single-modality feature coverage and coarse-grained fusion in Android malware detection, a multimodal dynamic adaptive fusion model (MDAFM) based on an attention mechanism is proposed. A cross-modal semantic alignment module maps static features (permission declarations, bytecode images) and dynamic features (system call graphs, network traffic time series) into a latent space, which resolves the heterogeneity of the feature spaces. A dynamic weighted fusion strategy combined with a dual-channel classifier provides fine-grained feature interaction and multi-task collaborative detection. Experiments show that the model achieves an average F1-score of 96.8% on the Drebin and CICAndMal2017 datasets, 6.2% higher than DeepAMD. On adversarial samples (FGSM attack) the detection F1-score drops by only 4.1%, and detection latency is as low as 156 ms, meeting the real-time requirements of mobile devices. The results show that multimodal feature fusion can effectively improve detection robustness in complex attack scenarios and lays a foundation for research on lightweight models and incremental learning.
Keywords: cyberspace security; Android malware detection; multimodal feature fusion; attention mechanism; adversarial robustness; dynamic behavior analysis