Android malware is growing rapidly, and modern variants increasingly use obfuscation and code-disrupting techniques that evade traditional detectors. These transformations can hide or alter malicious characteristics, making accurate identification difficult. To address this, we propose the Entropy Autoencoder-Synchronized Hashing Semi-supervised Network (EASH-SemiNet), a novel framework integrating semi-supervised learning, an entropy-based autoencoder, a synchronized hashing mechanism, and hash matching. This combination provides robust and adaptive malware detection while significantly reducing reliance on labeled malicious samples. Unlike traditional entropy-based methods, which often suffer from high false-positive rates, EASH-SemiNet leverages synchronized hashing and semi-supervised learning to achieve superior detection accuracy while minimizing reliance on labeled malware data. Our approach successfully detects malware variants, obfuscation, and code-altering tactics using entropy-based features and the synchronized hashing mechanism. Furthermore, the integrated hash-matching strategy efficiently reduces the computational burden imposed by known threats. Thus, EASH-SemiNet offers an effective, efficient, and adaptable solution to the challenges posed by evolving Android malware and limited labeled data.

• A novel semi-supervised network EASH-SemiNet for Android malware detection
• Synchronized hashing improves stability against code obfuscation techniques
• Semi-supervised learning reduces reliance on large labeled malware datasets
• Entropy-based autoencoder captures structural anomalies in encrypted APKs
• Achieves 99.5% accuracy with high resilience to encryption and injections

Nguyen et al. studied this question.