Android malware defense through a hybrid multi-modal approach
Journal of Network and Computer Applications (IF 7.7), Pub Date: 2024-09-30, DOI: 10.1016/j.jnca.2024.104035
Asmitha K.A., Vinod P., Rafidha Rehiman K.A., Neeraj Raveendran, Mauro Conti

The rapid proliferation of Android apps has given rise to a dark side, where increasingly sophisticated malware poses a formidable challenge for detection. To combat this evolving threat, we present an explainable hybrid multi-modal framework. This framework leverages the power of deep learning, with a novel model fusion technique, to illuminate the hidden characteristics of malicious apps. Our approach combines models (leveraging a late fusion approach) trained on attributes derived from static and dynamic analysis, hence utilizing the unique strengths of each model. We thoroughly analyze individual feature categories, feature ensembles, and model fusion using traditional machine learning classifiers and deep neural networks across diverse datasets. Our hybrid fused model outperforms others, achieving an F1-score of 99.97% on CICMaldroid2020. We use SHAP (SHapley Additive exPlanations) and t-SNE (t-distributed Stochastic Neighbor Embedding) to further analyze and interpret the best-performing model. We highlight the efficacy of our architectural design through an ablation study, revealing that our approach consistently achieves over 99% detection accuracy across multiple deep learning models. This lays the groundwork for substantial advancements in security and risk mitigation within interconnected Android OS environments.

Updated: 2024-09-30