A multimodal fusion method for android malware detection based on modal independence preservation
Article
Liu, Z, Ji, X, Peng, B et al. (2026). A multimodal fusion method for android malware detection based on modal independence preservation
. 134 10.1016/j.inffus.2026.104388
Liu, Z, Ji, X, Peng, B et al. (2026). A multimodal fusion method for android malware detection based on modal independence preservation
. 134 10.1016/j.inffus.2026.104388
Android malware detection techniques are crucial for safeguarding the privacy and property security of mobile users. Multimodal features have rich knowledge for identifying malicious behaviors, which attracts research attention recently. A usual way to combine the features from different modalities is to learn these features in a shared space. This approach can effectively maintain a coherent and unified representation across different modalities. But it may lead to modal homogenization, resulting in the loss of modal specific discrimination information. As a result, it may degrade the model performance and the model robustness. To address this issue, this paper proposes a new method called MIPDroid(Modal independence preservation based Android malware detection method). It learns complementary information from three modalities–permissions, API calls, and Dex bytecode–while retaining the independent discriminative information of each modality for malware detection. Specifically, permission names are transformed into natural language descriptions to facilitate semantic understanding, and their semantic representations are subsequently extracted using DistilBERT. In the fusion stage, dynamic weighting of multimodal features and a cosine similarity constraint loss between modalities are introduced to explicitly preserve the independence of the three types of features. Experiments conducted on a dataset of 15,000 real-world samples spanning from 2016 to 2022. The results demonstrate that our proposed method achieves an accuracy of 97% and an F1-score of 92.28%. It achieves an average improvement of 4.13% in F1-score when compared to recent multimodal fusion techniques in the field of Android malware detection. In addition, it exhibits enhanced robustness, showing a considerably lower evasion rate against adversarial attacks.
