MalQwen: Fine Tuned LLM for Static Android Malware Analysis Report

The Android operating system continues to face escalating security challenges, primarily due to its open-source nature and the rapid proliferation of applications from untrusted sources. Traditional static analysis tools lack the flexibility to capture evolving malware behaviors, limiting their interpretability and scalability. Large Language Models (LLMs) are now applied in cybersecurity for malware detection, phishing classification, and cyber threat intelligence. However, their use has not been extended to producing detailed and interpretable Android malware analysis reports. This study integrates LLMs into Android malware analysis by creating a dataset for instruction tuning and fine-tuning the Qwen-7B model using the LoRA method. The model MalQwen is developed by fine-tuning Qwen 2.5-7B with 429 malware samples containing decompiled code and expert labeled security reports. MalQwen outperforms models like Gemini and LLaMA, achieving a BERTscore of 0.84 for SMS malware and a Perplexity score of 3.30 for Scareware. These findings confirm MalQwen’s superior performance in generating precise malware reports, validating LLMs as a powerful new method for Android malware analysis.