Research field: Safety
Venue: Cluster Computing
The Android operating system, renowned for its open-source nature and flexibility, holds the largest global market share, yet faces significant security challenges, particularly from malware threats. Existing studies often rely on complex feature engineering for malware detection, leading to cumbersome methods prone to noise and lacking effective feature selection mechanisms. Some deep learning approaches also suffer from low efficiency. This paper introduces a lightweight and interpretable Android malware detection system called “FEdroid.” By focusing on code segments that utilize sensitive APIs, the system simplifies the analysis process and extracts key information, employing XGBoost for cross-feature selection to concentrate on a minimal yet crucial feature set. This approach enhances detection accuracy while reducing device resource usage. Experimental results demonstrate that the system achieved an accuracy of 98.26% and a false negative rate of only 1.86% across 18,653 APK samples, significantly improving detection efficiency and accuracy while minimizing deployment resource dependency. Furthermore, the application of Shapley values for interpretive analysis greatly enhances the transparency and understandability of the classifier model, thereby improving the overall interpretability of the system.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |