
ArchSentry: Enhanced Android Malware Detection via Hierarchical Semantic Extraction

Tianbo Wang, Mengyao Liu*, Huacheng Li, Lei Zhao, Changnan Jiang, Chunhe Xia, Baojiang Cui

*Corresponding author for this work

  • Beihang University
  • Wuhan University
  • Beijing University of Posts and Telecommunications

Research output: Contribution to journal, Article, peer-reviewed

Abstract

Android malware poses a significant challenge for mobile platforms. To evade detection, contemporary malware variants use API substitution or obfuscation techniques to hide malicious activities and mask their shallow semantic characteristics. However, existing research lacks analysis of the hierarchical semantics associated with Android apps. To address this problem, we propose ArchSentry, an enhanced Android malware detection approach based on hierarchical semantic extraction. First, we select entities and their relationships relevant to Android software behavior through the software architecture and represent them using a heterogeneous graph. Then, we structure meta-paths to represent rich semantic information to achieve semantic enhancement and improve efficiency. Next, we design a meta-path semantic selection method based on KL divergence to identify and eliminate redundant features. To achieve a comprehensive representation of the overall software semantics and improve performance, we construct a feature fusion approach based on Restricted Boltzmann Machines (RBM) and AutoEncoder (AE) during the pre-training phase, while preserving the probability distribution characteristics of various meta-paths. Finally, Deep Neural Networks (DNN) process the fusion features for comprehensive feature sets. Experimental results on real-world application samples indicate that ArchSentry achieves a remarkable 99.2% detection rate for Android malware, with a low false positive rate below 1%. These results surpass the performance of current state-of-the-art approaches.

Original language: English
Pages (from-to): 2822-2837
Number of pages: 16
Journal: IEEE Transactions on Network and Service Management
Volume: 22
Issue number: 3
DOI
Publication status: Published - 2025
