MARD: A Multi-Agent Framework for Robust Android Malware Detection
Xueying Zeng, Youquan Xian, Sihao Liu, Xudong Mou, Yanze Li, Lei Cui, Bo Li

TL;DR
MARD is a multi-agent framework that combines LLMs and static analysis to improve Android malware detection, achieving high accuracy, interpretability, and cost efficiency without domain-specific fine-tuning.
Contribution
It introduces a novel multi-agent interaction mechanism that leverages LLMs and static analysis engines for robust, interpretable, and cost-effective Android malware detection.
Findings
Achieves an F1 score of 93.46% without fine-tuning.
Outperforms continual learning baselines.
Demonstrates robustness against concept drift and cross-domain generalization.
Abstract
With the rapid evolution of Android applications, traditional machine learning-based detection models suffer from concept drift. Additionally, they are constrained by shallow features, lacking deep semantic understanding and interpretability of decisions. Although Large Language Models (LLMs) demonstrate remarkable semantic reasoning capabilities, directly processing massive raw code incurs prohibitive token overhead. Moreover, this approach fails to fully unleash the deep logical reasoning potential of LLMs within complex contexts. To address these limitations, we propose MARD, a multi-agent framework for robust Android malware detection. This framework effectively bridges the gap between the semantic understanding of LLMs and traditional static analysis. It treats underlying deterministic analysis engines as on-demand execution tools, while utilizing the LLM to orchestrate the entire…
