Skip to main content

Advertisement

Springer Nature Link
Log in

GBADroid: an Android malware detection method based on multi-view feature fusion

  • Research
  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

With the development of mobile internet, the open Android operating system has become the most widely used mobile platform globally, leading to a surge in malware that poses serious threats to user device security. Current Android malware detection methods mainly rely on a single feature set, making it difficult to comprehensively represent the characteristics of Android applications. To address this limitation, this paper proposes an Android malware detection method called GBADroid. GBADroid comprehensively characterizes Android software by considering multi-view features. Specifically, it first matches against a list of dangerous permissions to identify potential risks and then employs an information gain algorithm and a Bidirectional Gated Recurrent Unit (BiGRU) to extract opcode features. It also constructs a function call graph (FCG) to extract graph features using Graph Sample and Aggregate (GraphSAGE) algorithm. Experimental results show that GBADroid achieves a detection accuracy of 98.73%, demonstrating superior performance compared to existing methods.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Algorithm 1
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Data availability

Publicly available datasets were analyzed in this study. The research data can be found on https://www.unb.ca/cic/datasets/maldroid-2020.html (accessed on 10 September 2023) and https://androzoo.uni.lu (accessed on 11 September 2023).

Code availability

Code will be made available on request.

References

  1. Mobile Operating System Market Share Worldwide (2024) Accessed 20 July 2024. https://gs.statcounter.com/os-market-share/mobile/worldwide/

  2. 2023 China Mobile Security Status Report (2023) Accessed 21 July 2024. https://pop.shouji.360.cn/safe_report/Mobile-Security-Report-202312.pdf

  3. Qiu J, Zhang J, Luo W, Pan L, Nepal S, Xiang Y (2020) A survey of android malware detection with deep neural models. ACM Comput Surv 53(6):1–36. https://doi.org/10.1145/3417978

    Article  Google Scholar 

  4. Niu W, Wang Y, Liu X, Yan R, Li X, Zhang X (2023) Gcdroid: android malware detection based on graph compression with reachability relationship extraction for IoT devices. IEEE Internet Things J 10(13):11343–11356. https://doi.org/10.1109/JIOT.2023.3241697

    Article  Google Scholar 

  5. Cai L, Li Y, Xiong Z (2021) Jowmdroid: Android malware detection based on feature weighting with joint optimization of weight-mapping and classifier parameters. Comput Secur 100:102086. https://doi.org/10.1016/j.cose.2020.102086

    Article  MATH  Google Scholar 

  6. Zhu H-J, Gu W, Wang L-M, Xu Z-C, Sheng VS (2023) Android malware detection based on multi-head squeeze-and-excitation residual network. Expert Syst Appl 212:118705. https://doi.org/10.1016/j.eswa.2022.118705

    Article  Google Scholar 

  7. Cui Y, Sun Y, Lin Z (2023) Droidhook: a novel API-hook based android malware dynamic analysis sandbox. Autom Softw Eng 30(1):10. https://doi.org/10.1007/s10515-023-00378-w

    Article  MATH  Google Scholar 

  8. Li S, Zhou Q, Zhou R, Lv Q (2022) Intelligent malware detection based on graph convolutional network. J Supercomput 78(3):4182–4198. https://doi.org/10.1007/s11227-021-04020-y

    Article  MATH  Google Scholar 

  9. Wang X, Li C (2021) Android malware detection through machine learning on kernel task structures. Neurocomputing 435:126–150. https://doi.org/10.1016/j.neucom.2020.12.088

    Article  MATH  Google Scholar 

  10. He X, Li R (2024) Malware detection for container runtime based on virtual machine introspection. J Supercomput 80(6):7245–7268. https://doi.org/10.1007/s11227-023-05727-w

    Article  MathSciNet  MATH  Google Scholar 

  11. Alzaylaee MK, Yerima SY, Sezer S (2020) Dl-droid: deep learning based android malware detection using real devices. Comput Secur 89:101663. https://doi.org/10.1016/j.cose.2019.101663

    Article  Google Scholar 

  12. Han Q, Subrahmanian V, Xiong Y (2020) Android malware detection via (somewhat) robust irreversible feature transformations. IEEE Trans Inf Forensics Secur 15:3511–3525. https://doi.org/10.1109/TIFS.2020.2975932

    Article  Google Scholar 

  13. Mahindru A, Sangal AL (2021) Hybridroid: an empirical analysis on effective malware detection model developed using ensemble methods. J Supercomput 77(8):8209–8251. https://doi.org/10.1007/s11227-020-03569-4

    Article  MATH  Google Scholar 

  14. Liu H, Gong L, Mo X, Dong G, Yu J (2024) Ltachecker: lightweight android malware detection based on Dalvik opcode sequences using attention temporal networks. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2024.3394555

    Article  Google Scholar 

  15. Vinayaka K, Jaidhar C (2021) Android malware detection using function call graph with graph convolutional networks. In: 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC), IEEE, pp 279–287. https://doi.org/10.1109/ICSCCC51823.2021.9478141

  16. Chakravarty S et al (2020) Feature selection and evaluation of permission-based android malware detection. In: 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184), IEEE, pp 795–799. https://doi.org/10.1109/ICOEI48184.2020.9142929

  17. Şahin DÖ, Kural OE, Akleylek S, Kılıç E (2023) A novel permission-based android malware detection system using feature selection based on linear regression. Neural Comput Appl. https://doi.org/10.1007/s00521-021-05875-1

    Article  MATH  Google Scholar 

  18. Chen YM, Hsu CH, Chung KCK (2019) A novel preprocessing method for solving long sequence problem in android malware detection. In: 2019 Twelfth International Conference on Ubi-Media Computing (Ubi-Media), IEEE, pp 12–17. https://doi.org/10.1109/Ubi-Media.2019.00012

  19. Khan KN, Ullah N, Ali S, Khan MS, Nauman M, Ghani A (2022) Op2vec: an opcode embedding technique and dataset design for end-to-end detection of android malware. Secur Commun Netw 2022(1):3710968. https://doi.org/10.1155/2022/3710968

    Article  MATH  Google Scholar 

  20. Zhang B, Xiao W, Xiao X, Sangaiah AK, Zhang W, Zhang J (2020) Ransomware classification using patch-based CNN and self-attention network on embedded n-grams of opcodes. Futur Gener Comput Syst 110:708–720. https://doi.org/10.1016/j.future.2019.09.025

    Article  MATH  Google Scholar 

  21. Bostani H, Moonsamy V (2024) Evadedroid: a practical evasion attack on machine learning for black-box android malware detection. Comput Secur 139:103676. https://doi.org/10.1016/j.cose.2023.103676

    Article  Google Scholar 

  22. Cai M, Jiang Y, Gao C, Li H, Yuan W (2021) Learning features from enhanced function call graphs for android malware detection. Neurocomputing 423:301–307. https://doi.org/10.1016/j.neucom.2020.10.054

    Article  MATH  Google Scholar 

  23. He Y, Liu Y, Wu L, Yang Z, Ren K, Qin Z (2022) Msdroid: identifying malicious snippets for android malware detection. IEEE Trans Dependable Secur Comput 20(3):2025–2039. https://doi.org/10.1109/TDSC.2022.3168285

    Article  MATH  Google Scholar 

  24. Amer E, Zelinka I, El-Sappagh S (2021) A multi-perspective malware detection approach through behavioral fusion of API call sequence. Comput Secur 110:102449. https://doi.org/10.1016/j.cose.2021.102449

    Article  Google Scholar 

  25. Bhat P, Dutta K (2022) A multi-tiered feature selection model for android malware detection based on feature discrimination and information gain. J King Saud Univ Comput Inf Sci 34(10):9464–9477. https://doi.org/10.1016/j.jksuci.2021.11.004

    Article  MATH  Google Scholar 

  26. Kim T, Kang B, Rho M, Sezer S, Im EG (2018) A multimodal deep learning method for android malware detection using various features. IEEE Trans Inf Forensics Secur 14(3):773–788. https://doi.org/10.1109/TIFS.2018.2866319

    Article  MATH  Google Scholar 

  27. Song J, Li R, Zhang Z (2023) A multi-modality feature fusion method for android malware detection. In: Proceedings of the 2023 International Conference on Advances in Artificial Intelligence and Applications, pp 380–384. https://doi.org/10.1145/3603273.3635055

  28. Gu W (2021) A multimodal deep network model for android malware detection using permission. In: 2021 IEEE International Conference on Electronic Technology, Communication and Information (ICETCI), pp 63–67. https://doi.org/10.1109/ICETCI53161.2021.9563414

  29. Zhang S, Su H, Liu H, Yang W (2024) Mpdroid: a multimodal pre-training android malware detection method with static and dynamic features. Comput Secur. https://doi.org/10.1016/j.cose.2024.104262

    Article  MATH  Google Scholar 

  30. Li X, Liu L, Liu Y, Liu H (2025) Detecting android malware: a multimodal fusion method with fine-grained feature. Inf Fusion 114:102662. https://doi.org/10.1016/j.inffus.2024.102662

    Article  MATH  Google Scholar 

  31. Mohamad Arif J, Ab Razak MF, Awang S, Tuan Mat SR, Ismail NSN, Firdaus A (2021) A static analysis approach for android permission-based malware detection systems. PloS One 16(9):0257968. https://doi.org/10.1371/journal.pone.0257968

    Article  Google Scholar 

  32. Sihag V, Mitharwal A, Vardhan M, Singh P (2020) Opcode n-gram based malware classification in android. In: 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), IEEE, pp 645–650. https://doi.org/10.1109/WorldS450073.2020.9210386

  33. Soi D, Sanna A, Maiorca D, Giacinto G (2024) Enhancing android malware detection explainability through function call graph APIs. J Inf Secur Appl 80:103691. https://doi.org/10.1016/j.jisa.2023.103691

    Article  Google Scholar 

  34. Pan Y, Ge X, Fang C, Fan Y (2020) A systematic literature review of android malware detection using static analysis. IEEE Access 8:116363–116379. https://doi.org/10.1109/ACCESS.2020.3002842

    Article  Google Scholar 

  35. Apktool (2020) A tool for reverse engineering Android APK files. Accessed 12 September 2023. https://ibotpeaches.github.io/Apktool/

  36. Android Manifest.permission Reference. (2024) Accessed 10 July 2024. https://developer.android.com/reference/android/Manifest.permission

  37. Androguard (2019) Accessed 12 September 2023. https://github.com/androguard/

  38. Gong L, Li Z, Qian F, Zhang Z, Chen QA, Qian Z, Lin H, Liu Y (2020) Experiences of landing machine learning onto market-scale mobile malware detection. In: Proceedings of the Fifteenth European Conference on Computer Systems, pp 1–14. https://doi.org/10.1145/3342195.3387530

  39. Yang Y, Du X, Yang Z, Liu X (2021) Android malware detection based on structural features of the function call graph. Electronics. https://doi.org/10.3390/electronics10020186

    Article  MATH  Google Scholar 

  40. Android Developer Reference for Packages (2023) Accessed 15 May 2023. https://developer.android.com/reference/packages

  41. Mikolov T, Sutskever I, Chen K, Corrado GS, Dean J (2013) Distributed representations of words and phrases and their compositionality. In: Advances in neural information processing systems, vol 26

  42. Yuan H, Tang Y, Sun W, Liu L (2020) A detection method for android application security based on TF-IDF and machine learning. PloS One 15(9):0238694. https://doi.org/10.1371/journal.pone.0238694

    Article  MATH  Google Scholar 

  43. Alswaina F, Elleithy K (2018) Android malware permission-based multi-class classification using extremely randomized trees. IEEE Access 6:76217–76227. https://doi.org/10.1109/ACCESS.2018.2883975

    Article  MATH  Google Scholar 

  44. Zhang H, Xiao X, Mercaldo F, Ni S, Martinelli F, Sangaiah AK (2019) Classification of ransomware families with machine learning based onN-gram of opcodes. Futur Gener Comput Syst 90:211–221. https://doi.org/10.1016/j.future.2018.07.052

    Article  Google Scholar 

  45. Ali M, Shiaeles S, Bendiab G, Ghita B (2020) Malgra: machine learning and n-gram malware feature extraction and detection system. Electronics 9(11):1777. https://doi.org/10.3390/electronics9111777

    Article  Google Scholar 

  46. Hamilton W, Ying Z, Leskovec J (2017) Inductive representation learning on large graphs. In: Advances in neural information processing systems, vol 30

  47. Wu Z, Gong Z, Koo J, Hirschberg J (2024) Multimodal multi-loss fusion network for sentiment analysis. In: Proceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers), pp. 3588–3602. https://doi.org/10.18653/v1/2024.naacl-long.197

  48. Allix K, Bissyandé TF, Klein J, Le Traon Y (2016) Androzoo: collecting millions of android apps for the research community. In: Proceedings of the 13th International Conference on Mining Software Repositories, pp. 468–471. https://doi.org/10.1145/2901739.2903508

  49. Mahdavifar S, Kadir AFA, Fatemi R, Alhadidi D, Ghorbani AA (2020) Dynamic android malware category classification using semi-supervised deep learning. In: 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), IEEE, pp 515–522. https://doi.org/10.1109/DASC-PICom-CBDCom-CyberSciTech49142.2020.00094

  50. Mahdavifar S, Alhadidi D, Ghorbani AA (2022) Effective and efficient hybrid android malware classification using pseudo-label stacked auto-encoder. J Netw Syst Manag 30(1):22. https://doi.org/10.1007/s10922-021-09634-4

    Article  Google Scholar 

  51. VirusTotal (2012) Free online virus, malware and URL scanner. Accessed 10 September 2023. https://www.virustotal.com

  52. Kipf TN, Welling M (2016) Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907. https://doi.org/10.48550/arXiv.1609.02907

  53. Du J, Zhang S, Wu G, Moura JM, Kar S (2017) Topology adaptive graph convolutional networks. arXiv preprint arXiv:1710.10370. https://doi.org/10.48550/arXiv.1710.10370

  54. Velickovic P, Cucurull G, Casanova A, Romero A, Lio P, Bengio Y et al (2017) Graph attention networks. stat 1050(20):10–48550. https://doi.org/10.48550/arXiv.1710.10903

    Article  Google Scholar 

  55. Xun G, Jha K, Sun J, Zhang A (2020) Correlation networks for extreme multi-label text classification. In: Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pp 1074–1082. https://doi.org/10.1145/3394486.340315

  56. Xie L, Li C, Wang Z, Zhang X, Chen B, Shen Q, Wu Z (2023) Shisrcnet: super-resolution and classification network for low-resolution breast cancer histopathology image. In: International Conference on Medical Image Computing and Computer-Assisted Intervention, Springer, pp 23–32. https://doi.org/10.1007/978-3-031-43904-9_3

  57. Vaswani A (2017) Attention is all you need. Advances in Neural Information Processing Systems. https://doi.org/10.48550/arXiv.1706.03762

  58. Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K, Siemens C (2014) Drebin: effective and explainable detection of android malware in your pocket. Ndss 14:23–26

    Google Scholar 

  59. Fan M, Liu J, Wang W, Li H, Tian Z, Liu T (2017) Dapasa: detecting android piggybacked apps through sensitive subgraph analysis. IEEE Trans Inf Forensics Secur 12(8):1772–1785. https://doi.org/10.1109/TIFS.2017.2687880

    Article  MATH  Google Scholar 

  60. McLaughlin N, Rincon J, Kang B, Yerima S, Miller P, Sezer S, Safaei Y, Trickel E, Zhao Z, Doupé A et al (2017) Deep android malware detection. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp 301–308. https://doi.org/10.1145/3029806.3029823

  61. Onwuzurike L, Mariconti E, Andriotis P, Cristofaro ED, Ross G, Stringhini G (2019) Mamadroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans Privacy Secur 22(2):1–34. https://doi.org/10.1145/3313391

    Article  Google Scholar 

  62. Wu Y, Li X, Zou D, Yang W, Zhang X, Jin H (2019) Malscan: fast market-wide mobile malware scanning by social-network centrality analysis. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 139–150. https://doi.org/10.1109/ASE.2019.00023

Download references

Funding

No funding was received for conducting this study.

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Xinjiang University, Urumqi, 830046, Xinjiang, China

    Yi Meng, Nurbol Luktarhan & Xiaotong Yang

  2. School of Software, Xinjiang University, Urumqi, 830091, Xinjiang, China

    Guodong Zhao

Authors
  1. Yi Meng
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Nurbol Luktarhan
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Xiaotong Yang
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Guodong Zhao
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

Yi Meng worked in investigation, conceptualization, methodology, software, writing-original draft, visualization, and writing-review editing. Nurbol Luktarhan helped in conceptualization, methodology, writing-review editing, supervision, funding acquisition, and project administration. Xiaotong Yang helped in writing-review editing. Guodong Zhao helped in writing-review editing.

Corresponding author

Correspondence to Nurbol Luktarhan.

Ethics declarations

Conflict of interest

The authors declare no Conflict of interest.

Ethics approval and consent to participate

This manuscript has not been published nor is it currently under consideration for publication elsewhere.

Consent for publication

Not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Meng, Y., Luktarhan, N., Yang, X. et al. GBADroid: an Android malware detection method based on multi-view feature fusion. J Supercomput 81, 491 (2025). https://doi.org/10.1007/s11227-025-06977-6

Download citation

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11227-025-06977-6

Keywords