DOI: 10.3390/info17070643 ISSN: 2078-2489

A Lightweight Framework for Android Malware Detection via SDAE-Based Multi-View Static Feature Fusion

Man Hua, Yanhang Shi, Yanling Li

Android malware detection is increasingly important for mobile and edge security because malicious applications may compromise user privacy, device reliability, and sensitive service transactions. However, single-view static detection methods often provide limited semantic coverage and are sensitive to noisy or obfuscated code, while many deep learning models remain too heavy for resource-constrained deployment. To address these challenges, this paper proposes a lightweight Android malware detection framework based on SDAE-guided multi-view static feature fusion. The framework extracts three complementary static views, namely API calls, permission requests, and system components, from AndroidManifest.xml and classes.dex. These views are independently denoised and compressed by stacked denoising autoencoders, then aligned as the R, G, and B channels of a pseudo-RGB representation. A compact MicroNet-SE classifier with squeeze-and-excitation blocks is used to recalibrate the fused semantic channels and perform malware classification. Experiments on the CICMalDroid 2020 and CIC-AndMal2017 datasets show that the proposed framework achieves 99.01% accuracy, 99.15% precision, 98.99% recall, and 99.07% F1-score, with only 99.6 k parameters and a model size of 1.26 MB. After conversion to TensorFlow Lite, the MicroNet-SE classifier achieves average on-device inference latencies ranging from 1.85 ms to 2.16 ms on two real mobile devices. The model also maintains stable performance under synthetic feature perturbations and practical APK-level obfuscation settings. These findings suggest that combining multi-view static semantics with denoising-based representation learning can improve both detection robustness and deployment efficiency. Overall, the results indicate that the proposed framework provides an effective and lightweight static screening component for Android malware detection in resource-constrained mobile and edge environments.

More from our Archive