Lightweight multi-view dynamic android malware detection via time-windowed feature extraction
摘要
Dynamic malware detection for Android applications presents a significant challenge due to the high processing costs associated with runtime behavior analysis. These costs are further amplified in multi-view models, which extract and process features from multiple behavioral perspectives such as network, system, and file activities. Addressing this challenge is required to ensure accurate yet lightweight detection mechanisms suitable for deployment in mobile devices. In this paper, we propose a novel Android dynamic malware detection model implemented in two phases: a time-window-based feature extraction mechanism and a multi-view classification strategy. The first phase segments application execution into short intervals, enabling low-latency and lightweight feature extraction. The second phase applies an ensemble of classifiers across different views, combining their outputs through majority voting to enhance detection accuracy without incurring additional overhead. We evaluate our approach using a newly constructed dataset composed of 4,128 APKs, including benign and malware samples from nine families. Our results show that the proposed method significantly improves classification performance, increasing AUC by up to 0.06 compared to traditional single-view approaches. Furthermore, we demonstrate that increasing the feature extraction time window benefits accuracy across all views while maintaining the model’s suitability for lightweight execution.