TTGNet-AMD: Android malware detection based on multi-modal feature fusion

Get function call graph features

Function call features (Shi et al., 2023) are the core mechanism for the collaboration between programming languages and computer systems. In essence, a function (caller) executes another function (callee) according to specific rules, and completes control transfer, data transfer, and context management in the process. In Android software analysis, each function name in Android software can be abstracted as a node in a graph structure, and the calling relationship between caller and callee can be modeled as a directed edge to construct a complete function call graph. However, owing to the large scale of Android applications and the highly complex nature of function call behaviors, the constructed function call graphs tend to be intricate. To improve detection efficiency, this study optimizes the function call graph, selects sensitive nodes and edges based on a sensitive API list, and retains only the calling features that have a significant impact on program behavior, which serves as the core basis for Android malware detection. The specific process is as shown in Algorithm 1.

The input of Algorithm 1 is the function call graph and the sensitive API list, and the output is the pruning rate and the optimized function call graph. In the function call graph, nodes are denoted by N and edges by E. Lines 1–5 of Algorithm 1 mainly traverse the function call graph and the sensitive API list file into the graph object G and the list S. Lines 6–13 of Algorithm 1 traverse each node in the graph object G to determine whether it is a sensitive API node and whether all neighboring nodes are sensitive API nodes. If the node is a non-sensitive API node and there are no sensitive API nodes in the neighboring nodes, the node and its adjacent edges are removed. Lines 15 of Algorithm 1 return the pruning rate and the optimized function call graph, respectively.

The comparison of the function call graph before and after call simplification is shown in Fig. S1.

The partial function call graph of the 0a2fcfaef156af4cbb3fb7fde503535dca2fddd07316 bfb59df741118f6f269c.apk malware, which contains 367 edges and 192 nodes. After simplification, it contains 42 edges and 21 nodes, and the simplification rate reaches 88%.

Get opcode sequence features

Opcode features (Tang et al., 2022) refer to instruction-level features extracted from program binary code or intermediate representations (such as bytecodes) to characterize program behavior patterns or functional features. In the process of obtaining opcode sequence features, the original APK file cannot be directly used as training data for the TTGNet-AMD method. Instead, the APK file needs to be parsed by a decompilation tool to extract the classes.dex file. Subsequently, it is converted into a *.smali intermediate code file, and the opcode instruction sequence is extracted from it as the original data feature for subsequent analysis and training. The main steps of preprocessing are shown in Fig. S2.

The Apktool (Dai et al., 2021) tool provided by Google was utilized to decompile the target APK file. During the decompilation process, the main source code files running on the Dalvik virtual machine are obtained, which are Smali format files. Given the huge quantity of Dalvik instructions (including over 200 instructions), this study systematically classifies and optimizes the instruction set to improve analysis efficiency. First, we removed the redundant instructions that were irrelevant to the research objective. Subsequently, we retained a core instruction set along with its corresponding opcode fields. Finally, we stored the screened core instruction set data in a structured text format (.txt) to establish a solid data foundation for subsequent analysis.

Learning opcode sequence feature models

The long short-term memory (LSTM) network is a special recurrent neural network (RNN) (Liu & Song, 2022) designed to solve the gradient vanishing problem of traditional RNNs when processing long sequence data. LSTM can effectively capture long-distance dependencies by introducing memory cells and gating mechanisms. The core of LSTM is three gating mechanisms (forget gate, input gate, output gate) and a memory cell. The forget gate determines which information is discarded from the memory cell. The opcode sequence feature ${\mathrm{x}}_t$ obtained above is input into the LSTM model, as shown in Eq. (1):

(1) $$f_t=\sigma (W_f\cdot |h_{t-1},x_t|+b_f).$$

Among them, $f_t$ is the output of the forget gate, which ranges from 0 to 1. $W_f$ is the weight matrix of the forget gate, $h_{t-1}$ is the hidden state of the previous moment, $x_t$ is the input of the current moment, $b_f$ is the bias term of the forget gate, $\sigma$ is the sigmoid activation function. The final LSTM model output is a sequence feature, represented by $f_t$.

The input gate determines which new information is stored in the memory cell, as shown in Eqs. (2) and (3):

(2) $$i_t=\sigma (W_i\cdot |{\mathrm{h}}_{t-1},x_t|+b_i)$$

(3) $${\overline{C}}_t=\tanh (W_c\cdot |h_{t-1},x_t|+b_c),$$where $i_t$ is the output of the input gate, ${\overline{C}}_t$ is the candidate memory cell state, $W_i$ and $W_c$ are the weight matrices of the input gate and candidate state, and $b_i$ and $b_c$ are bias terms.

Next, the memory unit is updated, and the memory unit state is updated through the forget gate $f_t$ and the input gates $i_t$ and ${\overline{C}}_t$. Specifically, as shown in Eq. (4):

(4) $$C_t=f_t\cdot C_{t-1}+i_t\cdot {\overline{C}}_t.$$

Among them, $C_{t-1}$ is the state of the memory unit at the previous moment, and $C_t$ is the state of the memory unit at the current moment.

The output gate determines which information is output from the memory unit to the hidden state. Specifically, as shown in Eqs. (5) and (6):

(5) $$o_t=\sigma (W_o\cdot |h_{t-1},x_t|+b_o)$$

(6) $${\mathrm{H}}_t=o_t\cdot \tanh (C_t).$$

Among them, $o_t$ is the output of the output gate, ${\mathrm{H}}_t$ is the hidden state at the current moment, $W_o$ is the weight matrix of the output gate, and $b_o$ is the bias term.

In the LSTM model, the sigmoid function is the core component of the gating mechanism (input gate, forget gate, and output gate). The output range of the Sigmoid function is [0, 1], which is used to control the passage or forgetting of information. Specifically, as shown in Eq. (7):

(7) $$sigmoid(i)={\displaystyle \frac{1}{1+e^{-i}}.}$$

Here, $i$ represents the input value, and ${\displaystyle \frac{1}{1+e^{-i}}}$ maps the input $i$ to the [0, 1].

The Tanh() activation function is applied in the LSTM model, which is mainly used to perform nonlinear transformation on the values of memory units and hidden states, compressing them into the range of [−1, 1], and enhancing the expressiveness of the model. Specifically, it is shown in Eq. (8):

(8) $$\tanh (s)={\displaystyle \frac{e^s-e^{-s}}{e^s+e^{-s}}.}$$

Among them, $s$ represents the input value, $e^s$ is the exponential growth of input $s$, $e^{-s}$ is the exponential decay of input $s$, $e^s-e^{-s}$ determines the output range and shape of the function, $e^s+e^{-s}$ is used for normalization, and ${\displaystyle \frac{e^s-e^{-s}}{e^s+e^{-s}}}$ maps the input $s$ to between [−1, 1].

Learning a function call graph feature model

The feature model constructed in this study employs a dual-module cascaded architecture. Firstly, the Transformer-based feature encoding module serializes the representation of the function call graph and leverages its attention mechanism to capture dependencies within the graph. Subsequently, the graph convolutional neural network (GCN) module spatially aggregates the high-order features output by the Transformer, thereby effectively extracting the local structural features of the function call graph.

• (1) Transformer

The optimized function call graph features obtained from data preprocessing are input into the Transformer model. The Transformer (Liu & Song, 2022) model is a deep learning architecture based on the self-attention (Lei, Hailin & Yujin, 2014) mechanism. Its core is to dynamically learn the dependencies between input features through the self-attention mechanism, thereby enhancing the significance of key features and suppressing the interference of irrelevant features. The Transformer model consists of four stages: input embedding, encoder, decoder, and output. Each stage is processed by multiple layers of self-attention and feedforward neural networks. The first is the input stage, which includes input embedding and position encoding. The input embedding is a function call graph matrix $x_m$, used to encode the structured semantic information of the program. Position encoding refers to adding position information to the input sequence, as shown in Eqs. (9) and (10):

(9) $$P{E}_{(pos,2i)}=\sin \left({\displaystyle \frac{pos}{{10,000}^{{\displaystyle \frac{2i}{d}}}}}\right)$$

(10) $$P{E}_{(pos,2i+1)}=\cos \left({\displaystyle \frac{pos}{{10,000}^{{\displaystyle \frac{2i}{d}}}}}\right).$$

Among them, $P{E}_{(pos,2i)}$ and $P{E}_{(pos,2i+1)}$ represent the values of the $2i$-th dimension and the $2i+1$-th dimension in the positional encoding vector, respectively, $pos$ represents the position of an element in the input sequence, $i$ represents the dimension index of the positional encoding vector, $d$ represents the dimension of the positional encoding vector, which is usually the same as the dimension of the input embedding, and $10,{000}^{{\displaystyle \frac{2i}{d}}}$ is a scaling factor used to control the frequency of different dimensions.

Next is the encoder stage, which is composed of multiple identical layers stacked together. Each layer includes a multi-head self-attention mechanism, a feed-forward neural network, and residual connections and layer normalization. Multi-head attention captures information in different subspaces by calculating multiple self-attention heads in parallel, as shown in Eq. (11):

(11) $$MultiHead(Q,K,V)=Concat(hea{d}_1,hea{d}_2,\dots ,hea{d}_h)W_o$$

The calculation of each attention head is shown in Eq. (12):

(12) $$hea{d}_i=Attention(Q{W_i}^Q,K{W_i}^K,V{W_i}^V),$$

$Q$, $K$, $V$ denote the query matrix, key matrix, and value matrix, respectively. Among them, $Q$, $K$, $V$ are obtained by multiplying the input matrix $x_m$ by the corresponding learnable weight matrix $W_Q$, $W_K$, $W_V$. ${W_i}^Q$, ${W_i}^K$, ${W_i}^V$ denote the learnable weight matrix of each head, respectively. $W_o$ denotes the output weight matrix.

The feedforward neural network performs nonlinear transformation on the features of each position, as shown in Eq. (13):

(13) $$FFN(x)=max(0,x{W}_1+b_1)W_2+b_2.$$

Among them, $W_1$, $W_2$ are weight matrices, and $b_1$, $b_2$ are bias terms.

Residual connection and layer normalization refer to adding residual connection and layer normalization after each sublayer, as shown in Eq. (14):

(14) $$s_t=LayerNorm(x+Sublayer(x)),$$where $Sublayer(x)$ is the output of a self-attention or feed-forward neural network, $s_t$ is the output of the final decoder.

Next is the decoder stage, which is also composed of multiple identical layers stacked together. Each layer includes the Masked Multi-Head Self-Attention mechanism, the Encoder-Decoder Attention mechanism, the feedforward neural network, the residual connection, and the layer normalization. The Masked Multi-Head Self-Attention mechanism is used to prevent future information leakage. Its calculation process is similar to that of the Multi-Head Self-Attention mechanism, but the mask matrix $M$ is used when calculating the attention score, as shown in Eq. (15):

(15) $$A={\displaystyle \frac{Q{K}^T}{\sqrt{d_k}}+M.}$$

Among them, $A$ is the final attention score matrix, $Q$ is the query matrix, $K^T$ is the transpose of the key matrix so that it can be dot-producted with the query matrix, $Q{K}^T$ is the dot product of the query vector and the key vector, and the result is an attention score matrix that represents the similarity between each query vector and the key vector, $d_k$ is the dimension of the key vector, $\sqrt{d_k}$ is used for scaling to prevent the dot product value from being too large, and the mask matrix $M$ is an upper triangular matrix with 0 elements on and below the diagonal and negative infinity above the diagonal to ensure that the current position can only pay attention to the previous position.

The encoder-decoder attention mechanism is used for the decoder to pay attention to the output of the encoder. Its calculation process is similar to the multi-head self-attention mechanism, but the query matrix $Q$ comes from the decoder, and the key matrix $K$ and value matrix $V$ come from the encoder. Specifically, as shown in Eq. (16):

(16) $$Q=H_{dec}{W}_Q,K=H_{enc}{W}_K,\mathrm{V}={\mathrm{H}}_{\mathrm{e}\mathrm{n}\mathrm{c}}{W}_V$$where $H_{dec}$ is the hidden state of the decoder and $H_{enc}$ is the output of the encoder.

In the final output stage, the output of the decoder is subjected to a linear transformation to serve as the final output. This is specifically shown in Eq. (17).

(17) $$y_t=x_t{W}_{out}+b_{out}.$$

Here, $y_t$ represents the final output, $x_t$ represents the input, $W_{out}$ represents the weight matrix of the linear layer, and $b_{out}$ represents the bias term of the linear layer.

• (2)

  Graph convolutional neural network model

Graph convolution neural network (GCN) is a deep learning model for processing graph structured data. It effectively captures the relationship between nodes and their neighboring nodes by aggregating node and neighborhood features and effectively modeling local dependencies. The GCN model structure mainly consists of three parts: input layer, graph convolution layer, and output layer. Use the output $y_t$ of the Transformer as the input of the graph convolutional neural network. The graph convolution operation of each layer is shown in Eq. (18):

(18) $${\displaystyle H^{(l+1)}=\sigma \left({\overline{D}}^{-\frac{1}{2}}\overline{A}{\overline{D}}^{-\frac{1}{2}}{y}_t{W}^{(l)}\right).}$$

Among them, $y_t$ represents the input feature, $H^{(0)}=X$, $\overline{A}=A+I$ is the adjacency matrix with self-loops added, $I$ s is the identity matrix, $\stackrel{\sim }{D}$ is the degree matrix of $\overline{A}$, ${\overline{D}}_{ij}={\sum }_j{\overline{A}}_{ij}$, $W^{(l)}$ is the learning weight matrix of the $l$th layer, and $\sigma$ is the activation function. Graph convolution layers usually include multiple layers, and the output of each layer is used as the input of the next layer. Therefore, after multiple graph convolution operations, the output of the last layer can be represented by $H^{(L)}$.

Finally, after multiple graph convolution operations, the output layer outputs the result $H^{(L)}$. The output result j is input into the fully connected neural network for malware detection and category classification.

In the graph convolution operation of the GCN model, the $ReLu()$ activation function is applied to introduce nonlinear relationships and enhance the expressiveness of the model. Specifically, as shown in Eq. (19):

(19) $$\mathrm{Re}Lu(a)=max(0,a).$$

Among them, $\alpha$ represents the input value. If $\alpha$ > 0, output $\alpha$; if $\alpha$ < 0, output 0.

Malware detection model

In the feature extraction stage, the model extracts key features from the opcode sequence and function call graph, respectively, and then fuses these heterogeneous features and inputs them into the fully connected neural network to finally detect malware. The fully connected neural network can learn the complex relationship between input features and output labels by adjusting the weights and biases of the network to complete the classification task. The results ${\mathrm{H}}_t$ and $H^{(L)}$ obtained by the above model are used as the input of the fully connected neural network, as shown in Eq. (20):

(20) $$y_{out}=f(w_i\ast [{\mathrm{H}}_t\oplus H^{(L)}]+b).$$

Among them, $y_{out}$ represents the output result, $f$ represents the Softmax activation function, $w_i$ represents the learning weight, and $b$ represents the bias vector.

In multi-classification problems, the Softmax activation function is usually used in combination with the cross-entropy loss function. The cross-entropy is used to measure the difference between the predicted probability distribution and the true probability distribution. The smaller the value, the better the prediction effect of the model. The advantage of choosing cross-entropy as the loss function is that it has a fast derivation speed and can accelerate network convergence. Specifically, as shown in Eq. (21):

(21) $$Los{s}_{out}=-{\displaystyle \frac{1}{m}\sum _{i=1}^m\sum _{j=1}^{k}p(x_{ij})\log (q(x_{ij})).}$$

Among them, m represents the number of samples, k represents the number of classification categories, $p(x_{ij})$ represents the true classification label of the k-th category of the m-th sample, and $q(x_{ij})$ represents the predicted classification result of the k-th category of the m-th sample.

When using a fully connected neural network for malware detection, the Softmax function outputs the probability of each category, and the final classification result is determined by the maximum probability. Specifically, as shown in Eq. (22):

(22) $$Softma{x}_{out}={\displaystyle \frac{e^{x_i}}{{\sum }_{j=1}^k{e}^{x_j}}.}$$

Among them, $Softma{x}_{out}$ represents the output result of the function, $e$ represents the base of the natural logarithm, $x_i$ represents the i-th element in the input vector, $e^{x_i}$ represents the result of the exponential operation of $x_i$, $k$ represents the length of the input vector, and ${\sum }_{j=1}^k{e}^{x_j}$ represents the sum of the elements of each input vector after the exponential operation.

Obtaining function call graph features

We utilize the Flowdroid tool to decompile the APK, extract its function call graph, and optimize the graph based on a predefined list of sensitive APIs. Consequently, the optimized features of the function call graph are obtained. The sensitive APIs list is shown in Table S2. The obtained function call graph and its optimized results are shown in Table S3.

Table S2 presents a list of sensitive APIs, which are primary targets for malware due to their susceptibility to hacking and can consequently disrupt the normal operation of programs. Therefore, this list serves as a critical basis for detecting whether a program has been compromised. Table S3 summarizes the average number of nodes and edges of various function call graph features before and after optimization, along with their optimization rates, thereby specifically illustrating the effectiveness of the optimization method.

Get opcode sequence features

We utilize the Apktool tool to decompile the APK file. During the decompilation process, we extract the primary source code files executed on the Dalvik virtual machine—Smali, and retain only the core instructions within the Smali files. The specific core instructions retained are presented in Table S4.

Subsequently, the extracted function call graph and opcode sequence features are represented in terms of text semantics. Thereafter, these features are utilized as input for the TTGNet model to perform experiments on malware detection and category classification.

Android malware detection results and analysis

This subsection provides a detailed elaboration of the malware detection results achieved through the proposed TTGNet-AMD.

The experiment utilized two authoritative datasets, CICMalDroid2020 and Drebin, as benchmark testing platforms. A binary classification task was employed to categorize the samples into benign software and malicious software. Regarding parameter configuration, the padding parameter was set to 0, the number of training epochs was set to 100, the initial learning rate was configured as 0.001, and the Adam optimizer (Sivaranjani, Sasikumar & Sugitha, 2025) was selected for optimizing the model parameters.

The detailed performance evaluation results of the experiment are shown in Fig. 3.

Fig. 3A illustrates the experimental outcomes of the TTGNet-AMD method for Android malware detection on the CICMalDroid2020 dataset, achieving an accuracy of 96.30%, precision of 95.76%, recall of 94.33%, and F1-score of 94.27%. Figure 3B presents the performance metrics of the TTGNet-AMD method for Android malware detection on the Drebin dataset, where the proposed method attains an accuracy of 96.13%, precision of 95.20%, recall of 94.12%, and F1-score of 93.85%.

These results confirm that the proposed TTGNet-AMD achieves high detection accuracy and precision on both datasets, thereby validating the effectiveness and reliability of the model. Furthermore, these findings suggest that the TTGNet-AMD possesses strong generalization capabilities.

As an important tool for evaluating the performance of classification models, the confusion matrix intuitively displays the correspondence between the prediction results and the true labels. The X-axis of the matrix represents the predicted label, and the Y-axis represents the true label. Figure S4 shows the confusion matrix evaluation results of the TTGNet-AMD method on the CICMalDroid2020 and Drebin datasets.

The loss function curve illustrates the evolution of training and validation losses across training epochs. Figure S5 presents the loss curves of the TTGNet-AMD method on the CICMalDroid2020 and Drebin datasets.

The results of training the model on the CICMalDroid2020 dataset and evaluating it on the two datasets as an independent test set are presented in Table 1.

As shown in Table 1, TTGNet-AMD achieves binary malicious app detection performance with an accuracy of 96.30%, precision of 95.76%, recall of 94.33%, and F1-score of 94.27% on the CICMalDroid2020 test set. When tested on the Drebin dataset, the model maintains strong performance, achieving an accuracy of 95.62%, precision of 94.24%, recall of 93.51%, and F1-score of 93.42%.

Malware category classification results and analysis

This section presents the experimental evaluation results of fine-grained classification of malware categories. The study uses a four-classification task to classify malware samples into four typical categories: Adware, Banking, SMS, and Riskware. This article presents the experimental results of the proposed method for classifying malicious software categories on the CICMalDroid2020 dataset. To comprehensively evaluate the model’s performance, the experiment employs Macro- and Micro-averaged metrics and the confusion matrices. The experimental parameters are configured consistently with those used in the malware detection section. As specifically illustrated in Fig. 4.

Figure 4 shows the performance evaluation results of four classification tasks (Adware, Banking, Riskware, SMS). The Micro-Precision achieved 93.85%, while the Macro-Precision reached 93.68%, indicating that the model’s prediction results are highly reliable. The Micro-Recall attained 93.31%, and the Macro-Recall was 93.25%, validating the model’s effective recognition capability across various categories of samples. The Micro-F1-score was 93.26%, and the Macro-F1-score was 93.12%, demonstrating a well-balanced trade-off between precision and recall. The overall accuracy of the model was 95.13%, which fully substantiates the effectiveness of the proposed TTGNet-AMD method in fine-grained malicious software classification tasks. These experimental results confirm that the model possesses strong classification capabilities.

The confusion matrix for the malware category classification experiment using the proposed TTGNet-AMD method on the CICMalDroid2020 dataset is presented in Fig. S6. And the loss curve is shown in Fig. S7.

These results show that the proposed method has the best recognition ability for SMS and Riskware malware, while the recognition performance for Banking samples is relatively weak, which provides a clear direction for subsequent model optimization.

Ablation experiment

This subsection presents the experimental results of malware detection and malware category classification using GCN, Transformer+GCN, and TTGNet-AMD (LSTM+Transformer+GCN) on the CICMalDroid2020 and Drebin datasets. The parameter configurations for each model are consistent with those described in the preceding two subsections. Ultimately, the models’ performance is assessed using evaluation metrics such as accuracy, precision, recall, F1-score, confusion matrix, and AUC curve.

The specific results of the malware detection experiments performed by the three models on the CICMalDroid2020 and Drebin datasets are presented in Fig. 5.

Figure 5 illustrates the performance comparison of three models on the CICMalDroid2020 and Drebin datasets. The experimental results indicate that the malware detection model based solely on the GCN architecture achieved a comprehensive performance index ranging from 90% to 92% on the CICMalDroid2020 dataset, while its performance on the Drebin dataset was slightly lower, varying between 89% and 92%. Upon introducing the Transformer module, the model’s performance improved marginally, with all metrics increasing by approximately 1% to 2% across both datasets. Notably, the hybrid model constructed by further integrating the LSTM module exhibited substantial performance improvements: on the CICMalDroid2020 dataset, the accuracy, precision, recall, and F1-score were enhanced to 96.30%, 95.76%, 94.33%, and 94.27%, respectively; on the Drebin dataset, the corresponding metrics reached 92.35%, 91.65%, 91.03%, and 91.03%.

In conclusion, compared with detection methods based solely on a single feature, employing a multi-feature fusion strategy can more comprehensively capture the behavioral patterns and structural features of malicious software, thereby substantially enhancing detection performance.

The specific results of the malware category classification experiment of the three models on the CICMalDroid2020 dataset are shown in Fig. 6.

As can be seen from Fig. 6, the single-feature GCN model has an accuracy of 89.62%, a precision of 88.74%, a recall of 88.14%, and an F1-score of 88.62%. The four indicators perform well, but there is still some room for optimization; the performance improvement of the Transformer+GCN combination model is limited, and the four evaluation indicators reach 90.23%, 89.52%, 89.35% and 89.37% respectively, indicating that the improvement effect of introducing only the attention mechanism is weak; the TTGNet-AMD method performs best, and various indicators are significantly improved, namely Accuracy 95.13%, Precision 93.85%, Recall 93.31% and F1-Score 93.26%, indicating the effectiveness of the proposed TTGNet-AMD method.

The confusion matrix results of the three models for malware detection on the CICMalDroid2020 and the Drebin dataset are shown in Figs. S8 and S9. The confusion matrix results of the three models for malware category classification on the CICMalDroid2020 dataset are shown in Fig. S10.

The experimental results confirm that by integrating the structural feature extraction capability of the graph convolutional network (GCN), the global dependency modeling advantage of the Transformer, and the temporal feature learning mechanism of the long short-term memory network (LSTM), the TTGNet-AMD method achieves collaborative optimization of multimodal features and can more accurately distinguish between easily confused malware categories.

In malware detection experiments, the area under the curve (AUC) curve is used as an evaluation indicator to measure the classification performance of malware detection models. Especially in binary classification problems, it is based on the area under the receiver operating characteristic curve (ROC) and can provide a comprehensive evaluation of the overall performance of the model. The closer the AUC value is to 1, the better the classification performance of the model. The Fig. S11 shows the ROC curves and AUC values of the three models for malware detection on the CICMalDroid2020 dataset. The ROC curves of the three models for malware detection on the Drebin dataset are shown in Fig. S12.

The experimental results show that the AUC value of the GCN model based on a single feature achieves approximately 91% on both the CICMalDroid2020 and Drebin datasets. After incorporating the Transformer module, the AUC value of the model increases by roughly 1%. In contrast, the complete TTGNet-AMD method, which integrates multimodal features, attains AUC values of 95.83% and 95.60% on the respective datasets, representing an improvement of 4.1 to 4.5 percentage points over the GCN model based on a single feature. These findings confirm that our proposed TTGNet-AMD method, through the fusion of multimodal features, exhibits superior malware detection capabilities across different datasets compared to models relying solely on a single feature, thereby validating the efficacy of the multimodal fusion strategy.

Comparison with other deep learning models and methods

In this section, the proposed TTGNet-AMD method is systematically compared with several graph neural network models and alternative research approaches on the CICMalDroid2020 and Drebin datasets. The graph neural network models under comparison include GCN, graph attention network (GAT), and Graph Sample and AggreGatE (GraphSAGE). Other research methods encompass the ANFIS model (Atacak, Kılıç & Doğru, 2022) and the Atacak approach (Atacak, Kılıç & Doğru, 2022). Through comprehensive experimental comparisons and rigorous analysis, the superiority of the proposed TTGNet-AMD method over other graph neural network models and competing methods is demonstrated. All the aforementioned methods were employed to perform malware detection experiments on the CICMalDroid2020 and the Drebin dataset. The detailed performance comparison results are presented in Tables 2 and 3.

As can be seen from Table 2, the accuracy of the GCN model in malware detection on the CICMalDroid2020 dataset is 91.55%, the precision is 91.19%, and the recall and F1-score are both above 90%; the accuracy of the GAT model in malware detection is 91.29%, the precision is 91.18%, and the recall and F1-scores are around 90%; the results of the GraphSAGE model in malware detection are close to the results of the above two models, and the evaluation indicators such as accuracy, precision, recall and F1-score are all above 90%. The accuracy and F1-score of the ANFIS method in malware detection are all around 94%. The detection accuracy and recall of the Atacak method (Atacak, Kılıç & Doğru, 2022) are 94.67%, the precision is 94.78%, and the F1-score is 94.66%. Our proposed TTGNet-AMD method has an accuracy of 96.30%, a precision of 95.76%, a recall of 94.33%, and an F1-score of 94.27%. In general, the proposed TTGNet-AMD method performs better than other deep learning models and methods in malware detection.

The Table 3 shows that the accuracy of malware detection by the GCN model is 91.43%, the precision is 91.35%, the recall is 90.00%, and the F1-score is 89.69%; the accuracy and precision of the GAT model are 91.10% and 91.05%, respectively, and the recall and F1-score are 89.27% and 89.42%, respectively; the accuracy, precision, recall and F1-score of the GraphSAGE model are all around 90%. The detection results of various evaluation indicators of the ANFIS method are all above 90%. Our TTGNet-AMD method has an accuracy of 96.13%, a precision of 95.20%, a recall of 94.12%, and an F1-score of 93.85%. In summary, the proposed TTGNet-AMD method performs slightly better than other graph neural network models and methods in malware detection.