Android applications are numerous, varied in function, and complex in behavioral semantics, so attackers can use many tactics to hide their real intent inside otherwise legitimate functionality. Many learning-based detectors are limited in how well they mine this behavioral semantic information, which holds back both the accuracy and the efficiency of Android malware detection. Most of them are also weakly interpretable and give analysts no effective, readable detection report. Inspired by the success of Large Language Models (LLMs) in natural language understanding, we propose AppPoet, an LLM-assisted multi-view system for Android malware detection. First, AppPoet statically collects application features and organizes them into several observation views. Then, using carefully designed multi-view prompt templates, it guides the LLM to generate a function description and a behavioral summary for each view, yielding a deep semantic analysis of that view. Finally, the multi-view information is fused and classified by a deep neural network (DNN), and a human-readable diagnostic report is generated. Experiments show that the method reaches a detection accuracy of 97.15% and an F1 score of 97.21%, outperforming the baseline methods, and a case study evaluates the effectiveness of the generated diagnostic reports.
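The pipeline's first two stages, static feature collection into observation views and per-view prompt construction, can be made concrete with a small example. The code below is an added illustration, not AppPoet's own implementation: the manifest, the API-call list (standing in for what a decompiler would produce), the view vocabularies and the prompt wording are all constructed here, and the LLM call itself is omitted (the returned prompts are what would be sent). The multi-hot fusion vector is one plausible input for a DNN classifier, not the paper's feature encoding.

```python
"""Multi-view static feature extraction and prompt construction (added example)."""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; not taken from any real app or from the paper's dataset.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

# Constructed API-call list, standing in for output of a decompiler such as androguard.
SAMPLE_API_CALLS = [
    "Landroid/hardware/Camera;->open",
    "Landroid/telephony/SmsManager;->sendTextMessage",
    "Landroid/content/ContentResolver;->query",
    "Ljava/net/HttpURLConnection;->connect",
]

# Hypothetical fixed vocabularies so each app maps to a fixed-length vector.
PERMISSION_VOCAB = ["android.permission.CAMERA", "android.permission.INTERNET",
                    "android.permission.READ_CONTACTS", "android.permission.SEND_SMS"]
API_VOCAB = ["Landroid/hardware/Camera;->open", "Landroid/telephony/SmsManager;->sendTextMessage",
             "Landroid/content/ContentResolver;->query", "Ljava/net/HttpURLConnection;->connect",
             "Ldalvik/system/DexClassLoader;-><init>"]
COMPONENT_VOCAB = ["activity", "service", "receiver", "provider"]

# Hypothetical prompt templates, one per observation view.
PROMPT_TEMPLATES = {
    "permission": ("You are an Android security analyst. Describe what the following permissions "
                   "allow an app to do and summarize the behavior they enable:\n{items}"),
    "component": ("You are an Android security analyst. Describe the purpose of these components "
                  "and their intent filters, and summarize how the app can be triggered:\n{items}"),
    "api": ("You are an Android security analyst. Describe what these API calls do and summarize "
            "the behavior they implement when combined:\n{items}"),
}


def extract_views(manifest_xml: str, api_calls: List[str]) -> Dict[str, List[str]]:
    """Static collection: group manifest and code features into three observation views."""
    root = ET.fromstring(manifest_xml)
    perms = sorted(e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    comps = []
    for tag in COMPONENT_VOCAB:  # walk component types in vocabulary order
        for e in root.iter(tag):
            actions = [a.get(ANDROID_NS + "name") for a in e.iter("action")]
            entry = f"{tag}:{e.get(ANDROID_NS + 'name')}"
            if actions:
                entry += f" [{', '.join(actions)}]"
            comps.append(entry)
    return {"permission": perms, "component": comps, "api": sorted(set(api_calls))}


def build_prompts(views: Dict[str, List[str]]) -> Dict[str, str]:
    """Fill one prompt per view; these would be sent to the LLM for description and summary."""
    return {name: PROMPT_TEMPLATES[name].format(items="\n".join(f"- {i}" for i in views[name]))
            for name in PROMPT_TEMPLATES}


def fuse_views(views: Dict[str, List[str]]) -> List[int]:
    """Concatenate multi-hot encodings of the views into one vector for a DNN classifier."""
    perm_set, api_set = set(views["permission"]), set(views["api"])
    comp_types = {c.split(":", 1)[0] for c in views["component"]}
    vec = [int(p in perm_set) for p in PERMISSION_VOCAB]
    vec += [int(a in api_set) for a in API_VOCAB]
    vec += [int(t in comp_types) for t in COMPONENT_VOCAB]
    return vec


if __name__ == "__main__":
    v = extract_views(SAMPLE_MANIFEST, SAMPLE_API_CALLS)
    for name, prompt in build_prompts(v).items():
        print(f"=== {name} view ===\n{prompt}\n")
    print("fused vector:", fuse_views(v))
```

In a full system the per-view LLM outputs (function descriptions and behavioral summaries) would be embedded and concatenated with this structural vector before classification, and the same descriptions reused verbatim to assemble the diagnostic report.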