Due to the vast array of Android applications, their multifarious functions and intricate behavioral semantics, attackers can adopt various tactics to conceal their genuine attack intentions within legitimate functions. However, numerous feature-engineering-based methods are limited in their ability to mine behavioral semantic information, which impedes the accuracy and efficiency of Android malware detection. Moreover, the majority of existing feature-engineering-based methods are weakly interpretable and fail to furnish researchers with effective and readable detection reports. Inspired by the success of Large Language Models (LLMs) in natural language understanding, we propose AppPoet, an LLM-assisted multi-view system for Android malware detection. First, AppPoet employs a static method to comprehensively collect application features and formulate various observation views. Next, it steers the LLM to produce function descriptions and behavioral summaries for each view via our meticulously devised multi-view prompt engineering technique, realizing deep mining of view semantics. Finally, we collaboratively fuse the multi-view information to efficiently and accurately detect malware through a deep neural network (DNN) classifier and then generate heuristic diagnostic reports. Experimental results demonstrate that our method achieves a detection accuracy of 97.15% and an F1 score of 97.21%, which is superior to the baseline method Drebin and its variant. Furthermore, the case study evaluates the effectiveness of our generated diagnostic reports.