LTAChecker: Lightweight Android Malware Detection Based on Dalvik Opcode Sequences Using Attention Temporal Networks

Android applications have emerged as a prime target for hackers. Android malware detection stands as a pivotal technology, crucial for safeguarding network security and thwarting anomalies. However, traditional static analysis makes it difficult to analyze new malicious applications, while dynamic analysis requires higher system resources. We propose a novel lightweight Android malware deep-learning detection framework based on attention temporal networks. This study delves into the Dalvik opcode sequences of Android malware, employing the N-gram algorithm to partition sequences and extract contextual information features. Then, LSTM and TCN algorithms are employed to capture long-term dependencies and local features, enabling comprehensive comprehension of temporal information within Dalvik opcode sequences. Especially, TCN facilitates feature extraction across various time scales, thereby enabling the detection of anomaly patterns across diverse temporal scales within Dalvik opcode sequences. Moreover, we introduce multi-head attention mechanisms and reinforced learning to direct the model’s focus toward behavioral cues within malicious software sequences. Finally, extensive experiment results show that our proposed methodology and model exhibit higher detection accuracy and robustness, achieving an accuracy rate of 98.69% on average, surpassing traditional machine learning methods such as random forest, and Pseudo-Label deep neural networks.