<p>The rapid expansion of mobile connectivity and the global reliance on smartphones have positioned Android as the leading platform, driven by its affordability and open source framework. However, its open architecture also introduces vulnerabilities, making it a prime target for malware and posing severe cybersecurity risks. To address these issues, this research introduces an improved, static-analysis-based malware detection approach based on reverse-engineered, disassembled code (smali files), focusing on real permissions and Application Programming Interface (API) call sequence features. The proposed methodology utilizes the Bidirectional Encoder Representations from Transformers (BERT) model to convert textual features into contextualized vector representations, effectively capturing semantic relationships. Particle Swarm Optimization (PSO) with nested cross-validation reduces dimensionality by &#xa0;50%, and five machine learning classifiers are evaluated. When benchmarked on the Drebin and AndroZoo datasets against the TF-IDF baseline, the BERT–PSO approach achieved an accuracy of 96.27%–97.87%, competitive with state-of-the-art techniques. A comprehensive ablation study confirmed the contribution of each pipeline stage, sensitivity analysis validated PSO fitness weighting parameters, and temporal validation across 2–7 years of evolving malware achieved 84.87% accuracy, demonstrating robustness. This study demonstrates the effectiveness of combining advanced natural language processing techniques for feature representation, evolutionary optimization for feature selection, rigorous ablation and temporal validation, explainable AI for interpretability, and established machine learning classifiers in designing a reliable Android malware detection framework.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A BERT and PSO framework for Android malware detection using real permissions and API calls

  • Abhinandan Banik,
  • Jyoti Prakash Singh

摘要

The rapid expansion of mobile connectivity and the global reliance on smartphones have positioned Android as the leading platform, driven by its affordability and open source framework. However, its open architecture also introduces vulnerabilities, making it a prime target for malware and posing severe cybersecurity risks. To address these issues, this research introduces an improved, static-analysis-based malware detection approach based on reverse-engineered, disassembled code (smali files), focusing on real permissions and Application Programming Interface (API) call sequence features. The proposed methodology utilizes the Bidirectional Encoder Representations from Transformers (BERT) model to convert textual features into contextualized vector representations, effectively capturing semantic relationships. Particle Swarm Optimization (PSO) with nested cross-validation reduces dimensionality by  50%, and five machine learning classifiers are evaluated. When benchmarked on the Drebin and AndroZoo datasets against the TF-IDF baseline, the BERT–PSO approach achieved an accuracy of 96.27%–97.87%, competitive with state-of-the-art techniques. A comprehensive ablation study confirmed the contribution of each pipeline stage, sensitivity analysis validated PSO fitness weighting parameters, and temporal validation across 2–7 years of evolving malware achieved 84.87% accuracy, demonstrating robustness. This study demonstrates the effectiveness of combining advanced natural language processing techniques for feature representation, evolutionary optimization for feature selection, rigorous ablation and temporal validation, explainable AI for interpretability, and established machine learning classifiers in designing a reliable Android malware detection framework.