SAC: Collaborative learning of structure and content features for Android malware detection framework

With the rapid development of Internet of Things (IoT) technology, Android devices have increasingly become primary targets for malware attacks. Although significant research has been conducted in the field of malware detection, existing methods still face challenges when dealing with complex samples. In particular, a more comprehensive analysis is required in the domain of feature extraction. To enhance the accuracy of malware detection, we propose the SAC framework. This method utilizes Dalvik Executable (DEX) files as the data source and achieves deep integration of multi-view features by collaboratively modeling image and graph data types. Specifically, to accurately capture the local features of malware and improve the identification of critical behavioral patterns, we designed a task-oriented convolutional neural network (CNN) named IFNeXt, which integrates visualization analysis with an inverted bottleneck structure. Furthermore, we introduced a dual-channel graph convolutional network (GCN) that models the hierarchical structure of bytecode as a directed graph, capturing the co-occurrence relationships and semantic similarities between method calls. This approach enables a deeper exploration of the global structural features of malware. The SAC framework fully leverages the complementary advantages of image and graph data structures, providing a more comprehensive characterization of malware features from both content and structural perspectives. Experimental results demonstrate that our method achieves a detection accuracy of 99.43% on multiple real-world public datasets, significantly outperforming existing state-of-the-art detection techniques. This indicates the potential and innovation of our approach in enhancing the security of the Android platform.