Less is More: A privacy-respecting Android malware classifier using Federated Learning

TL;DR

LiM is a privacy-preserving Android malware classifier using Federated Learning, achieving high accuracy and robustness while keeping user app data local and secure against attacks.

Contribution

This paper introduces LiM, a novel federated learning framework for malware detection that maintains user privacy and is resilient to poisoning and inference attacks.

Findings

Cloud F1 score of 95%

Clients have perfect recall with minimal false positives

Robust against poisoning and inference attacks

Abstract

In this paper we present LiM ("Less is More"), a malware classification framework that leverages Federated Learning to detect and classify malicious apps in a privacy-respecting manner. Information about newly installed apps is kept locally on users' devices, so that the provider cannot infer which apps were installed by users. At the same time, input from all users is taken into account in the federated learning process and they all benefit from better classification performance. A key challenge of this setting is that users do not have access to the ground truth (i.e. they cannot correctly identify whether an app is malicious). To tackle this, LiM uses a safe semi-supervised ensemble that maximizes classification accuracy with respect to a baseline classifier trained by the service provider (i.e. the cloud). We implement LiM and show that the cloud server has F1 score of 95%, while clients have perfect recall with only 1 false positive in >100 apps, using a dataset of 25K clean apps and 25K malicious apps, 200 users and 50 rounds of federation. Furthermore, we conduct a security analysis and demonstrate that LiM is robust against both poisoning attacks by adversaries who control half of the clients, and inference attacks performed by an honest-but-curious cloud server. Further experiments with MaMaDroid's dataset confirm resistance against poisoning attacks and a performance improvement due to the federation.