MPDroid: A multimodal pre-training Android malware detection method with static and dynamic features

Abstract

The widespread deployment and open nature of the Android system have led to a rapid increase in Android malware, presenting significant challenges to mobile device security. Both static and dynamic analysis methods exhibit inherent limitations while hybrid detection approaches that combine static and dynamic features struggle with efficiency. To address these issues, this paper proposes MPDroid, a multimodal pre-training enabled detection approach. MPDroid effectively learns the critical characteristics of malicious behavior during the pre-training phase and achieves efficient single-modality detection in the downstream tasks. MPDroid utilizes an API call graph to represent dynamic features and a function call graph for static features. During pre-training, MPDroid employs graph convolutional networks and multimodal fusion techniques to capture the relationships between static and dynamic features. We also address the unimodal bias problem in multimodal tasks through modality alignment and model-level fusion. Furthermore, MPDroid significantly reduces the training and inferencing time for downstream tasks by implementing a multimodal pre-training framework with static features-based downstream tasks, thereby enhancing detection efficiency. Experimental results demonstrate that MPDroid achieves an average accuracy of 98.3% and an F1-score of 97.6%, with less than 7.39 s of detection duration, indicating superior overall performance compared to existing detection methods.