Graph-augmented multi-modal learning framework for robust android malware detection

Citation

Tanveer, Muhammad Usama and Munir, Kashif and Alyamani, Hasan J. and Hassan, Syed Rizwan and Sheraz, Muhammad and Chuah, Teong Chee (2025) Graph-augmented multi-modal learning framework for robust android malware detection. Scientific Reports, 15 (1). ISSN 2045-2322

[img] Text
s41598-025-22169-x.pdf - Published Version
Restricted to Repository staff only

Download (2MB)

Abstract

The widespread adoption of Android has made it a primary target for increasingly sophisticated malware, posing a significant challenge to mobile security. Traditional static or behavioural approaches often struggle with obfuscation and lack contextual integration across multiple feature domains. In this work, we propose GIT-GuardNet, a novel Graph-Informed Transformer Network that leverages multi-modal learning to detect Android malware with high precision and robustness. GIT-GuardNet fuses three complementary perspectives: (i) static code attributes captured through a Transformer encoder, (ii) call graph structures modelled via a Graph Attention Network (GAT), and (iii) temporal behaviour traces learned using a Temporal Transformer. These encoders are integrated using a cross-attention fusion mechanism that dynamically weighs inter-modal dependencies, enabling more informed decision-making under both benign and adversarial conditions. We conducted comprehensive experiments on a large-scale dataset comprising 15,036 Android applications, including 5,560 malware samples from the Drebin project. GIT-GuardNet achieves state-of-the-art performance, reaching 99.85% accuracy, 99.89% precision, and 99.94 AUC, outperforming traditional machine learning models, single-view deep networks, and recent hybrid approaches like DroidFusion. Ablation studies confirm the complementary impact of each modality and the effectiveness of the cross-attention design. Our results demonstrate the strong generalization of GIT-GuardNet in obfuscated and stealthy threats, low inference overhead, and practical applicability for real-world mobile threat detection. This study provides a powerful and extensible framework for future research in secure mobile computing and intelligent malware defence.

Item Type: Article
Uncontrolled Keywords: Android malware detection, Call graph modelling, Cross-attention fusion, Deep learning, Multi-modal learning;, Static code analysis, Temporal behavior analysis
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines > QA75.5-76.95 Electronic computers. Computer science > QA76.75-76.765 Computer software
Divisions: Faculty of Artificial Intelligence & Engineering (FAIE)
Depositing User: Nor Afiqah Mohd Adnan
Date Deposited: 10 Dec 2025 03:09
Last Modified: 10 Dec 2025 03:09
URII: http://shdl.mmu.edu.my/id/eprint/15018

Downloads

Downloads per month over past year

View ItemEdit (login required)