An Android malware detection based on reconstructed API with TextCNN
Abstract
Most machine learning-based Android malware detection methods use the application programming interface (API) as features. However, the effectiveness of API-based methods is often compromised by API changes during the evolution of the Android system. At the same time, most of these methods only use system APIs, so they cannot detect malicious apps that realize malicious behavior through third-party APIs. To address this problem, we have proposed an API name reconstruction method and have developed a feature selection approach that leverages the weights of these reconstructed names. Following this, we constructed a TextCNN-based Android malware detection model. To validate the robustness of our method against API changes, we conducted a series of cross-validation experiments using samples from different years. A comparison test has also been conducted, demonstrating that our detection method achieves superior performance.