Android malware detection system integrating block feature extraction and multi-head attention mechanism

Yi Ming Chen, An Chi He, Guo Chung Chen, Yu Chi Liu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations


With the rapid development of deep learning technology, the task of detecting mobile malware has made breakthrough progress. However, the deep learning model based on time series, when inputting long sequence features, still has the problem of gradient vanish due to the memory limitation of the recurrent neural network. Therefore, many subsequent studies have proposed feature compression and extraction methods for long sequence features, but no research has been found that can compress the sequence while still covering the complete feature information of the original sequence and the semantic temporal relationship. Therefore, this paper proposes a multi-model malware detection architecture that focuses on covering the global features while still maintaining partial timing relationships between compressed features. After integrating the Multi-head Attention mechanism, the recurrent neural network memory problem is improved. The model is executed in two stages: the pre-processing stage, which mainly performs segmentation and statistics for Dalvik Opcode; In the detection stage, input Bi-LSTM for semantic extraction. This stage helps to compress the original Opcode sequence to generate rich timing semantic block sequence of the meaning is used as the classification feature of the downstream classifier. The classifier in this study improves the Transformer model. The Multi-head Attention mechanism is used to efficiently focus on the sequence features, and the Global Pooling Layer is subsequently added to strengthen the model's sensitivity to data. Dimensionality reduction is performed to reduce overfitting of the model. Experimental results show that the accuracy reaches 99.63%, which is better than the deep learning method using images, and effectively reduces the vanishing gradient problem.

Original languageEnglish
Title of host publicationProceedings - 2020 International Computer Symposium, ICS 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)9781728192550
StatePublished - Dec 2020
Event2020 International Computer Symposium, ICS 2020 - Tainan, Taiwan
Duration: 17 Dec 202019 Dec 2020

Publication series

NameProceedings - 2020 International Computer Symposium, ICS 2020


Conference2020 International Computer Symposium, ICS 2020


  • Android
  • Deep Learning
  • LSTM
  • Static Analysis
  • Transformer
  • multi-head attention


Dive into the research topics of 'Android malware detection system integrating block feature extraction and multi-head attention mechanism'. Together they form a unique fingerprint.

Cite this