Android applications have emerged as a prime target for hackers.
Android malware detection stands as a pivotal technology, crucial for safeguarding network security and thwarting anomalies.
However, traditional static analysis struggles to analyze shell applications, while dynamic analysis requires more system resources.
We propose a novel lightweight Android malware deep-learning detection model based on LSTM-TCN-Attention (LTA).
This study examines the Dalvik opcode sequences of Android malware, employing the N-gram algorithm to partition the sequences and extract contextual-information features, a step conducted using a Genetic Algorithm (GA).
Then, LSTM and TCN algorithms are employed to capture long-term dependencies and local features, enabling a comprehensive understanding of the temporal information within Dalvik opcode sequences.
Additionally, TCN facilitates feature extraction across various time scales, thereby enabling the detection of anomaly patterns across diverse temporal scales within Dalvik opcode sequences.
Moreover, we introduce multi-head attention mechanisms that reinforce learning by directing the model's focus toward behavioral cues within malicious software sequences.
Finally, extensive experimental results show that our proposed methodology and model exhibit higher detection accuracy and robustness, achieving an accuracy rate of 98.69% on average, surpassing traditional machine learning methods such as Random Forest and Pseudo-Label Deep Neural Networks.
- The picture on the right is the overall workflow diagram.
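The N-gram partitioning of Dalvik opcode sequences described above, as an added example that is not code from the paper: it turns a smali listing into fixed-length N-gram token ids of the kind a sequence model such as an LSTM or TCN consumes. The smali sample, the function names, n = 2 and the pad/unknown ids are assumptions, and the GA step is not reproduced.

```python
from collections import Counter

PAD, UNK = 0, 1  # assumed reserved ids: padding and unseen n-grams

# Constructed sample listing (not taken from any real application).
SAMPLE_SMALI = """\
.method public onCreate()V
    invoke-super {p0}, Landroid/app/Activity;->onCreate()V
    const-string v0, "key"
    invoke-virtual {p0, v0}, Lcom/example/A;->load(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v1
    if-eqz v1, :cond_0
    invoke-virtual {v1}, Ljava/lang/Object;->toString()Ljava/lang/String;
    move-result-object v1
    :cond_0
    return-void
.end method
"""

def opcode_sequence(smali_text):
    """Keep only opcode mnemonics; skip directives (.), labels (:) and comments (#)."""
    ops = []
    for line in smali_text.splitlines():
        stripped = line.strip()
        if stripped and stripped[0] not in ".:#":
            ops.append(stripped.split()[0])
    return ops

def ngrams(seq, n):
    """Sliding-window partition of an opcode sequence into n-grams."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def build_vocab(sequences, n, min_count=1):
    """Map each n-gram seen at least min_count times to an id (ids start at 2)."""
    counts = Counter(g for seq in sequences for g in ngrams(seq, n))
    kept = sorted((g for g, c in counts.items() if c >= min_count),
                  key=lambda g: (-counts[g], g))  # frequent first, then alphabetical
    return {g: i + 2 for i, g in enumerate(kept)}

def encode(seq, n, vocab, length):
    """Encode a sequence as n-gram ids, truncated or padded to a fixed length."""
    ids = [vocab.get(g, UNK) for g in ngrams(seq, n)][:length]
    return ids + [PAD] * (length - len(ids))

if __name__ == "__main__":
    ops = opcode_sequence(SAMPLE_SMALI)
    vocab = build_vocab([ops], n=2)
    print(encode(ops, 2, vocab, length=10))
```

N-grams that never appeared in the training vocabulary map to the unknown id rather than being dropped, so the position of each window in the sequence is preserved.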