Strengthening LLM ecosystem security: Preventing mobile malware from manipulating LLM-based applications

Large language model (LLM) platform vendors have begun to make their models available for developers to build for different use cases. However, the emergence of LLM-based applications may raise security and privacy issues, and even LLM-based applications may be susceptible to malware. To strengthen LLM ecosystem security, it's crucial to develop malware detection algorithms for various platforms. We pay attention to Android malware because the Android platform is widely used and vulnerable. Existing single feature based-solutions cannot effectively describe applications, and aged models fail to detect new malware as Android platform develops and malware evolves. Therefore, existing detection methods are ill-suited for evolved malware that may manipulate LLM-based applications. To tackle the above problems, we design EvolveDroid, an anti-aging Android malware detection system. On the one hand, EvolveDroid utilizes different view features to reflect malware behavior from multiple dimensions, and maximizes the advantages of each feature type through feature aggregation. On the other hand, EvolveDroid learns good representation of applications through contrastive learning and generates pseudo labels by measuring the distance between unknown samples and existing samples for model updating. Extensive evaluations show that EvolveDroid outperforms state-of-the-art (sota) solutions in detection performance and slowing model aging.