Title: ArchSentry: Enhanced Android Malware Detection via Hierarchical Semantic Extraction
Authors: Tianbo Wang; Mengyao Liu; Huacheng Li; Lei Zhao; Changnan Jiang; Chunhe Xia; Baojiang Cui
Journal: IEEE Transactions on Network and Service Management, vol. 22, no. 3, pp. 2822-2837
Publication date: 2025-04-10
Publication type: Journal Article
DOI: 10.1109/TNSM.2025.3559255
URL: https://ieeexplore.ieee.org/document/10960629/
Impact factor: 4.7; JCR: Q1 (Computer Science, Information Systems)
Open access: no
Citations: 0
Abstract
Android malware poses a significant challenge for mobile platforms. To evade detection, contemporary malware variants use API substitution or obfuscation techniques to hide malicious activities and mask their shallow semantic characteristics. However, existing research lacks analysis of the hierarchical semantics associated with Android apps. To address this problem, we propose ArchSentry, an enhanced Android malware detection method via hierarchical semantic extraction. First, we select entities and their relationships relevant to Android software behavior through the software architecture and represent them using a heterogeneous graph. Then, we structure meta-paths to represent rich semantic information to achieve semantic enhancement and improve efficiency. Next, we design a meta-path semantic selection method based on KL Divergence to identify and eliminate redundant features. To achieve a comprehensive representation of the overall software semantics and improve performance, we construct a feature fusion approach based on Restricted Boltzmann Machines (RBM) and AutoEncoder (AE) during the pre-training phase, while preserving the probability distribution characteristics of various meta-paths. Finally, Deep Neural Networks (DNN) process fusion features for comprehensive feature sets. Experimental results on real-world application samples indicate that ArchSentry achieves a remarkable 99.2% detection rate for Android malware, with a low false positive rate below 1%. These results surpass the performance of current state-of-the-art approaches.
About the journal:
IEEE Transactions on Network and Service Management will publish (online only) peer-reviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management. Theoretical research contributions (presenting new concepts and techniques) and applied contributions (reporting on experiences and experiments with actual systems) will be encouraged. These transactions will focus on the key technical issues related to: Management Models, Architectures and Frameworks; Service Provisioning, Reliability and Quality Assurance; Management Functions; Enabling Technologies; Information and Communication Models; Policies; Applications and Case Studies; Emerging Technologies and Standards.