Saved in:
Bibliographic Details
Main Authors: Liu, Zichen, Yang, Shao, Xiao, Xusheng
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.14344
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918161706647552
author Liu, Zichen
Yang, Shao
Xiao, Xusheng
author_facet Liu, Zichen
Yang, Shao
Xiao, Xusheng
contents Mobile app markets host millions of apps, yet undesired behaviors (e.g., disruptive ads, illegal redirection, payment deception) remain hard to catch because they often do not rely on permission-protected APIs and can be easily camouflaged via UI or metadata edits. We present BINCTX, a learning approach that builds multi-modal representations of an app from (i) a global bytecode-as-image view that captures code-level semantics and family-style patterns, (ii) a contextual view (manifested actions, components, declared permissions, URL/IP constants) indicating how behaviors are triggered, and (iii) a third-party-library usage view summarizing invocation frequencies along inter-component call paths. The three views are embedded and fused to train a contextual-aware classifier. On real-world malware and benign apps, BINCTX attains a macro F1 of 94.73%, outperforming strong baselines by at least 14.92%. It remains robust under commercial obfuscation (F1 84% post-obfuscation) and is more resistant to adversarial samples than state-of-the-art bytecode-only systems.
format Preprint
id arxiv_https___arxiv_org_abs_2510_14344
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle BinCtx: Multi-Modal Representation Learning for Robust Android App Behavior Detection
Liu, Zichen
Yang, Shao
Xiao, Xusheng
Cryptography and Security
Artificial Intelligence
Mobile app markets host millions of apps, yet undesired behaviors (e.g., disruptive ads, illegal redirection, payment deception) remain hard to catch because they often do not rely on permission-protected APIs and can be easily camouflaged via UI or metadata edits. We present BINCTX, a learning approach that builds multi-modal representations of an app from (i) a global bytecode-as-image view that captures code-level semantics and family-style patterns, (ii) a contextual view (manifested actions, components, declared permissions, URL/IP constants) indicating how behaviors are triggered, and (iii) a third-party-library usage view summarizing invocation frequencies along inter-component call paths. The three views are embedded and fused to train a contextual-aware classifier. On real-world malware and benign apps, BINCTX attains a macro F1 of 94.73%, outperforming strong baselines by at least 14.92%. It remains robust under commercial obfuscation (F1 84% post-obfuscation) and is more resistant to adversarial samples than state-of-the-art bytecode-only systems.
title BinCtx: Multi-Modal Representation Learning for Robust Android App Behavior Detection
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2510.14344