Qian, Xingzhi;
Zheng, Xinran;
He, Yiling;
Yang, Shuo;
Cavallaro, Lorenzo;
(2025)
LAMD: Context-driven Android Malware Detection and Classification with LLMs.
In: Blanton, M and Enck, W and Nita-Rotaru, C, (eds.)
2025 IEEE Security and Privacy Workshops (SPW).
(pp. 126-136).
IEEE: San Francisco, CA, USA.
PDF: 2502.13055v2-2.pdf - Accepted Version (703kB)
Abstract
The rapid growth of mobile applications has escalated Android malware threats. Although there are numerous detection methods, they often struggle with evolving attacks, dataset biases, and limited explainability. Large Language Models (LLMs) offer a promising alternative with their zero-shot inference and reasoning capabilities. However, applying LLMs to Android malware detection presents two key challenges: (1) the extensive support code in Android applications, often spanning thousands of classes, exceeds LLMs' context limits and obscures malicious behavior within benign functionality; (2) the structural complexity and interdependencies of Android applications surpass LLMs' sequence-based reasoning, fragmenting code analysis and hindering malicious intent inference. To address these challenges, we propose LAMD, a practical context-driven framework to enable LLM-based Android malware detection. LAMD integrates key context extraction to isolate security-critical code regions and construct program structures, then applies tier-wise code reasoning to analyze application behavior progressively, from low-level instructions to high-level semantics, providing final prediction and explanation. A well-designed factual consistency verification mechanism is equipped to mitigate LLM hallucinations from the first tier. Evaluation in real-world settings demonstrates LAMD's effectiveness over conventional detectors, establishing a feasible basis for LLM-driven malware analysis in dynamic threat landscapes.
| Type: | Proceedings paper |
|---|---|
| Title: | LAMD: Context-driven Android Malware Detection and Classification with LLMs |
| Event: | 46th Security and Privacy Workshops-SPW |
| Location: | CA, San Francisco |
| Dates: | 12 May 2025 - 15 May 2025 |
| ISBN-13: | 979-8-3315-6644-9 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1109/SPW67851.2025.00017 |
| Publisher version: | https://doi.org/10.1109/spw67851.2025.00017 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| Keywords: | Privacy, Codes, Operating systems, Large language models, Semantics, Detectors, Malware, Cognition, Mobile applications, Security |
| UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10216009 |

