AI-Based Malware Classification in Android Apps Using Vision Transformer (ViT) on Bytecode Images

The rapid proliferation of Android applications has made mobile platforms a prime target for malware attacks. To address the growing concern of malicious apps, this study presents an AI-based malware classification approach using Vision Transformer (ViT) on bytecode images of Android applications. Traditional malware detection techniques, including signature-based and heuristic methods, often fail to detect novel and obfuscated malware due to limited generalization and static rule-based systems. These limitations have necessitated the need for more intelligent and adaptive solutions that can handle complex and evolving malware patterns. To overcome these challenges, we propose a novel framework: Real-Time Malware Detection in App Stores using Bytecode Image Generation and Vision Transformer-Based Classification (RAMViD). In this approach, Android APK files are first decompiled to extract Dalvik bytecode, which is then transformed into grayscale images representing the byte patterns of the application. These images are fed into a finetuned Vision Transformer model that learns intricate visual features of benign and malicious patterns for accurate classification. The proposed method can be integrated into app store infrastructures to perform real-time malware analysis during the app submission process. This ensures proactive filtering of malicious applications before they reach end-users, enhancing platform security without manual intervention. Experimental results demonstrate that the ViT-based classification framework outperforms conventional CNN-based models in accuracy and robustness. The system achieves high detection rates with reduced false positives, highlighting its effectiveness in identifying both known and previously unseen malware. This solution offers a scalable, automated, and intelligent alternative for securing Android ecosystems.

Перевод пока недоступен