Ain Shams Engineering Journal (May 2024)
Securing Android IoT devices with GuardDroid transparent and lightweight malware detection
Abstract
The Internet of Things (IoT) has experienced significant growth in recent years and has emerged as a very dynamic sector in the worldwide market. Being an open-source platform with a substantial user base, Android has not only been a driving force in the swift advancement of the IoT but has also garnered attention from malicious actors, leading to malware attacks. Given the rapid proliferation of Android malware in recent times, there is an urgent requirement to introduce practical techniques for the detection of such malware. While current machine learning-based Android malware detection approaches have shown promising results, the majority of these methods demand extensive time and effort from malware analysts to construct dynamic or static features. Consequently, the practical application of these methods becomes challenging. Therefore, this paper presents an Android malware detection system characterized by its lightweight design and reliance on explainable machine-learning techniques. The system uses features extracted from mobile applications (apps) to distinguish between malicious and benign apps. Through extensive testing, it has exhibited exceptional accuracy and an F1-score surpassing 0.99 while utilizing minimal device resources and presenting negligible false positive and false negative rates. Furthermore, the classifier model's transparency and comprehensibility are significantly augmented through the application of Shapley's additive explanation scores, enhancing the overall interpretability of the system.
