Mask Off: Analytic-based Malware Detection By Transfer Learning and Model Personalization

TL;DR

This paper introduces ADAM, an analytic-based deep neural network system for Android malware detection that uses transfer learning, model personalization, and federated learning to improve accuracy and robustness against attacks.

Contribution

The paper presents a novel malware detection framework combining feature-specific DNNs with transfer learning and federated learning for enhanced adaptability and security.

Findings

Achieved over 98% accuracy in malware detection.

Effectively defends against data manipulation and poisoning attacks.

Utilizes a large dataset of 153,000 applications with 41,000 features.

Abstract

The vulnerability of smartphones to cyberattacks has been a severe concern to users arising from the integrity of installed applications (\textit{apps}). Although applications are to provide legitimate and diversified on-the-go services, harmful and dangerous ones have also uncovered the feasible way to penetrate smartphones for malicious behaviors. Thorough application analysis is key to revealing malicious intent and providing more insights into the application behavior for security risk assessments. Such in-depth analysis motivates employing deep neural networks (DNNs) for a set of features and patterns extracted from applications to facilitate detecting potentially dangerous applications independently. This paper presents an Analytic-based deep neural network, Android Malware detection (ADAM), that employs a fine-grained set of features to train feature-specific DNNs to have consensus on the application labels when their ground truth is unknown. In addition, ADAM leverages the transfer learning technique to obtain its adjustability to new applications across smartphones for recycling the pre-trained model(s) and making them more adaptable by model personalization and federated learning techniques. This adjustability is also assisted by federated learning guards, which protect ADAM against poisoning attacks through model analysis. ADAM relies on a diverse dataset containing more than 153000 applications with over 41000 extracted features for DNNs training. The ADAM's feature-specific DNNs, on average, achieved more than 98% accuracy, resulting in an outstanding performance against data manipulation attacks.