Advanced Android malware detection system using static analysis and AI to classify APK files into risk levels (Low, Medium, High) with explainability.
- Static Feature Extraction: Extract 100+ features using Androguard (permissions, API calls, opcodes, manifest data)
- Channel Attention LSTM: Deep learning model with attention mechanism
- Equilibrium Optimization: Advanced hyperparameter tuning
- Multi-Epoch Training: Configurable training with accuracy monitoring
- AI Explainability: Gemini API integration for plain-English explanations
- Interactive Dashboard: Real-time risk profiling and visualization
- Baseline Comparison: Performance comparison with Droidetec
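
To illustrate the manifest-derived part of the static feature extraction listed above, the following is an added example, not code from this project: it turns an already-decoded AndroidManifest.xml into a fixed-order numeric vector using the Python standard library rather than Androguard. The permission vocabulary, the feature names and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed permission vocabulary, one vector slot per entry (not the project's list).
PERMISSION_VOCAB = [
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.READ_CONTACTS",
    "android.permission.SYSTEM_ALERT_WINDOW",
]
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: a manifest already decoded from binary AXML to text.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="com.example.sample.CUSTOM"/>
  <application>
    <activity android:name=".Main" android:exported="true"/>
    <service android:name=".Sync"/>
    <receiver android:name=".Boot">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def manifest_features(manifest_xml):
    """Return (feature_names, values) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    names = ["perm:" + p for p in PERMISSION_VOCAB]
    values = [int(p in requested) for p in PERMISSION_VOCAB]
    # Permissions outside the vocabulary are counted so they are not silently lost.
    names.append("perm:other_count")
    values.append(len(requested - set(PERMISSION_VOCAB) - {None}))
    for tag in COMPONENT_TAGS:
        comps = list(root.iter(tag))
        # Only an explicit android:exported="true" is counted here; components
        # that declare an intent-filter are reported in their own slot.
        exported = sum(c.get(ANDROID_NS + "exported") == "true" for c in comps)
        with_filter = sum(c.find("intent-filter") is not None for c in comps)
        names += [tag + ":count", tag + ":exported", tag + ":intent_filter"]
        values += [len(comps), exported, with_filter]
    return names, values
```

Manifests come from untrusted APKs, so a pipeline that parses them at scale should use a hardened XML parser such as defusedxml and keep the vocabulary order fixed between training and inference.
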
android_malware_ai_v2/
├── src/
│ ├── feature_extraction/ # APK feature extraction
│ ├── models/ # CA-LSTM and baseline models
│ ├── training/ # Training pipeline and optimization
│ ├── explainability/ # AI explanation system
│ ├── backend/ # Flask API
│ └── frontend/ # React dashboard
├── data/
│ ├── raw/ # Raw APK files
│ └── processed/ # Extracted features
├── models/
│ ├── checkpoints/ # Model weights
│ └── logs/ # Training logs
├── config/ # Configuration files
├── scripts/ # Utility scripts
└── docs/ # Documentation
- Install dependencies:
  pip install -r requirements.txt
- Extract features from APK files:
  python scripts/extract_features.py --input data/raw --output data/processed
- Train the model:
  python scripts/train_model.py --config config/training_config.yaml
- Run the dashboard:
  python src/backend/app.py

- Low Risk: Benign applications with normal behavior
- Medium Risk: Suspicious applications requiring investigation
- High Risk: Malicious applications with confirmed threat indicators
- Detection Accuracy: >95%
- Precision: >93%
- Recall: >94%
- F1-Score: >93%
- Training Time: ~2 minutes per epoch