Fourier-Polynomial Features for Obfuscation-Robust Android Malware Detection
Description
We propose a spectral feature extraction framework for Android malware detection, designed as a complementary component to existing structural detectors (API call graphs, control-flow graphs, permission sets) rather than a standalone solution. The method extracts the normalized power spectrum of raw DEX bytecode, approximates it as a polynomial, and compresses it into a compact feature vector via repeated differentiation, leveraging the dual-number representation of the derivative operator. The central theoretical contribution is the Complementary Discriminative Power Theorem: under graph-preserving obfuscation (byte-level transformations that leave structural features intact), structural detectors are provably blind by construction, while spectral features remain sensitive to entropy changes in the byte sequence, providing strictly positive conditional mutual information. Polynomial differentiation-based compression reduces feature dimension from m+1 to m-k+1 in O(k·m) operations, making the spectral component cheap to add to any existing pipeline. We state the method's limitations explicitly and formalize the conditions under which feature fusion is necessary.
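A sketch of the pipeline the description outlines, added here as an illustration and not taken from the paper: normalized power spectrum, polynomial approximation, then k differentiations that shrink m+1 coefficients to m-k+1. The least-squares fit, mean removal, sum-to-one normalization, the defaults m=6 and k=2, all function names, and the constructed byte samples (not real DEX) are assumptions.

```python
import cmath
import math

def power_spectrum(data):
    """Power spectrum of a byte sequence, mean removed, scaled to sum to 1."""
    n = len(data)
    mean = sum(data) / n
    x = [b - mean for b in data]
    power = []
    for f in range(1, n // 2 + 1):  # naive DFT: fine for a short window
        s = sum(x[t] * cmath.exp(-2j * math.pi * f * t / n) for t in range(n))
        power.append(abs(s) ** 2)
    total = sum(power) or 1.0  # constant input has no spectral energy
    return [p / total for p in power]

def polyfit(y, m):
    """Least-squares degree-m fit on x in [-1, 1]; m+1 coefficients, low order first."""
    xs = [2 * i / (len(y) - 1) - 1 for i in range(len(y))]
    A = [[sum(x ** (i + j) for x in xs) for j in range(m + 1)] for i in range(m + 1)]
    b = [sum(v * x ** i for x, v in zip(xs, y)) for i in range(m + 1)]
    for c in range(m + 1):  # Gaussian elimination with partial pivoting
        piv = max(range(c, m + 1), key=lambda r: abs(A[r][c]))
        A[c], A[piv], b[c], b[piv] = A[piv], A[c], b[piv], b[c]
        for r in range(c + 1, m + 1):
            g = A[r][c] / A[c][c]
            A[r] = [a - g * p for a, p in zip(A[r], A[c])]
            b[r] -= g * b[c]
    coef = [0.0] * (m + 1)
    for i in range(m, -1, -1):  # back substitution
        tail = sum(A[i][j] * coef[j] for j in range(i + 1, m + 1))
        coef[i] = (b[i] - tail) / A[i][i]
    return coef

def differentiate(coef, k):
    """Differentiate k times: each pass is O(m) and drops one coefficient."""
    for _ in range(k):
        coef = [i * c for i, c in enumerate(coef)][1:]
    return coef

def spectral_features(data, m=6, k=2):
    """m-k+1 features from the k-th derivative of the fitted spectrum polynomial."""
    return differentiate(polyfit(power_spectrum(data), m), k)

# Constructed samples (not real DEX): a repetitive block and a mixed variant.
PLAIN = bytes(range(16)) * 8
state, mixed = 1, []
for _ in range(128):
    state = (state * 1103515245 + 12345) % 2**31
    mixed.append(state >> 16 & 0xFF)
MIXED = bytes(mixed)
```

Comparing `spectral_features(PLAIN)` with `spectral_features(MIXED)` shows the vector moving when the byte distribution changes, which is the sensitivity the description attributes to the spectral component.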
Files

| Name | Size |
|---|---|
| paper_zenodo.pdf (md5:a6ac106357cb1271190887680f66e2f6) | 320.9 kB |