
Open Access

ARTICLE

Android Software Malicious Detection Based on Dynamic Network Traffic Mixing API Information and Feature Importance Analysis

Kang Yang1,2, Lizhi Cai1,2,*, Jianhua Wu1,2
1 Shanghai Key Laboratory of Computer Software Testing & Evaluating, Shanghai, China
2 Shanghai Development Center of Computer Software Technology, Shanghai, China
* Corresponding Author: Lizhi Cai.
(This article belongs to the Special Issue: Malware Analysis, Forensics, and Detection Using Artificial Intelligence)

Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.080632

Received 13 February 2026; Accepted 31 March 2026; Published online 27 April 2026

Abstract

Accurate malware identification and family categorization remain significant challenges in large-scale Android software analysis. Although deep learning has surpassed traditional machine learning in performance, its widespread adoption is hindered by the computational overhead stemming from feature redundancy and the lack of interpretability inherent in its black-box nature. To address these issues, this paper proposes DroidNTA, a DL-based detection model that fuses network traffic and API features. The model first constructs a simplified API Call Graph by extracting the intrinsic structural attributes of applications, and subsequently generates API feature vectors from invocation sequences using a Markov chain algorithm. These are then integrated with dynamic network traffic features to form a final representation vector of the Android instance. To enhance transparency, DroidNTA performs feature contribution analysis by adjusting fusion parameters and employs Shapley values to quantify global feature importance. Experimental results demonstrate that DroidNTA achieves superior performance in both binary and family classification tasks, yielding an accuracy of 99.74% and a gain of over 20%, respectively. We have released our code at https://github.com/joeyyk/DroidNTA.
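The feature construction outlined in the abstract can be sketched as follows; this is an added illustration, not code from the DroidNTA repository. The API-family state space, the constructed call sequence, the constructed traffic values and the single fusion weight `alpha` are all assumptions made for this example.

```python
from collections import Counter
from itertools import product

# Assumed state space: coarse API families. The abstract does not list the
# states DroidNTA uses, so these are illustrative only.
STATES = ["android", "java", "javax", "other"]

def to_state(api_call):
    """Map a fully qualified API name to its family (top-level package)."""
    head = api_call.split(".", 1)[0]
    return head if head in STATES else "other"

def markov_vector(calls):
    """Flatten the row-normalised first-order transition matrix over STATES."""
    states = [to_state(c) for c in calls]
    pairs = Counter(zip(states, states[1:]))   # observed state transitions
    outgoing = Counter(states[:-1])            # transitions leaving each state
    # States never left (or never seen) yield an all-zero row, so sequences
    # with zero or one call produce an all-zero vector instead of an error.
    return [pairs[(a, b)] / outgoing[a] if outgoing[a] else 0.0
            for a, b in product(STATES, repeat=2)]

def fuse(api_vec, traffic_vec, alpha):
    """Weighted concatenation: alpha scales API features, 1 - alpha traffic."""
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must lie in [0, 1]")
    return [alpha * x for x in api_vec] + [(1 - alpha) * x for x in traffic_vec]

# Constructed invocation sequence (not taken from any real sample).
SAMPLE_CALLS = [
    "android.telephony.TelephonyManager.getDeviceId",
    "java.net.URL.openConnection",
    "java.io.OutputStream.write",
    "android.telephony.SmsManager.sendTextMessage",
    "com.example.app.Helper.run",
    "java.net.URL.openConnection",
]
# Constructed traffic features, already scaled to [0, 1]:
# flow count, upload/download byte ratio, share of unencrypted flows.
SAMPLE_TRAFFIC = [0.12, 0.80, 0.25]

if __name__ == "__main__":
    api_vec = markov_vector(SAMPLE_CALLS)
    # Sweeping alpha shows how much weight each feature group carries
    # in the instance vector handed to the classifier.
    for alpha in (0.0, 0.5, 1.0):
        print(alpha, fuse(api_vec, SAMPLE_TRAFFIC, alpha))
```

Training the same classifier on vectors built with different `alpha` values is one simple way to compare how much each feature group contributes to detection accuracy.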

Keywords

Android; malware; deep learning; network traffic