# GSIDroid: A Suspicious Subgraph-Driven and Interpretable Android Malware Detection System

**Authors:** Hong Huang, Weitao Huang, Feng Jiang

PMC · DOI: 10.3390/s25134116 · Sensors (Basel, Switzerland) · 2025-07-01

## TL;DR

GSIDroid is a new Android malware detection system that uses subgraph analysis and provides interpretable results to improve security and support further research.

## Contribution

GSIDroid introduces a subgraph-driven and interpretable framework for Android malware detection with high accuracy and transparency.

## Key findings

- GSIDroid achieves an F1 score of 97.14% on 14,520 samples.
- The system identifies critical nodes and permission features influencing detection decisions.
- It reduces computational overhead while enhancing detection performance and interpretability.

## Abstract

In recent years, the growing threat of Android malware has caused significant economic losses and posed serious risks to user security and privacy. Machine learning-based detection approaches have improved the accuracy of malware identification, thereby providing more effective protection for Android users. However, graph-based detection methods rely on whole-graph computations instead of subgraph-level analyses, and they often ignore the semantic information of individual nodes. Moreover, limited attention has been paid to the interpretability of these models, hindering a deeper understanding of malicious behaviors and restricting their utility in supporting cybersecurity professionals for further in-depth research. To address these challenges, we propose GSIDroid, a novel subgraph-driven and interpretable Android malware detection framework designed to enhance detection performance, reduce computational overhead, protect user security, and assist security experts in rigorous malware analysis. GSIDroid focuses on extracting suspicious subgraphs, integrating deep and shallow-semantic features with permission information, and incorporating both global and local interpretability modules to ensure transparent, trustworthy, and analyzable detection results. Experiments conducted on 14,520 samples demonstrate that GSIDroid achieves an F1 score of 97.14%, and its interpretability module successfully identifies critical nodes and permission features that influence detection decisions, thereby enhancing practical deployment and supporting further security research.

## Full-text entities

- **Genes:** SHROOM4 (shroom family member 4) [NCBI Gene 57477] {aka MRXSSDS, SHAP, shrm4}, PC (pyruvate carboxylase) [NCBI Gene 5091] {aka PCB}
- **Diseases:** injury to (MESH:D014947)
- **Chemicals:** DEX (MESH:D003915)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12251895/full.md

## Figures

10 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12251895/full.md

## References

46 references — full list in the complete paper: https://tomesphere.com/paper/PMC12251895/full.md

---
Source: https://tomesphere.com/paper/PMC12251895