M2FD: Mobile malware federated detection under concept drift

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-02-10 DOI:10.1016/j.cose.2025.104361

Andrea Augello, Alessandra De Paola, Giuseppe Lo Re

{"title":"M2FD: Mobile malware federated detection under concept drift","authors":"Andrea Augello, Alessandra De Paola, Giuseppe Lo Re","doi":"10.1016/j.cose.2025.104361","DOIUrl":null,"url":null,"abstract":"<div><div>The ubiquitous diffusion of mobile devices requires the availability of effective malware detection solutions to ensure user security and privacy. The dynamic nature of the mobile ecosystem, characterized by data distribution changes, poses significant challenges to the development of effective malware detection systems. Additionally, collecting up-to-date information for training machine learning models in a centralized fashion is costly, time-consuming, and privacy-invasive. To address these shortcomings, this paper presents a novel federated learning system for collaborative mobile malware detection. M2FD leverages the collective intelligence of the user community to collect valuable contributions to the detection system while preserving user privacy. Additionally, M2FD incorporates robust concept drift detection mechanisms and model retraining strategies to ensure the adaptability of the system to changing data distributions. By effectively handling concept drift, M2FD guarantees a high ability to detect malware, with 85% accuracy and 84% F1-score, even in presence of evolving attack strategies, thus avoiding the need for frequent model retraining, reducing the retraining frequency by up to 84%, so reducing the computational burden on clients. An extensive experimental evaluation performed on KronoDroid, an open-source real-world dataset, proves the effectiveness of M2FD in detecting concept drift, minimizing model updates, and achieving high accuracy in mobile malware detection.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104361"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000501","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The ubiquitous diffusion of mobile devices requires the availability of effective malware detection solutions to ensure user security and privacy. The dynamic nature of the mobile ecosystem, characterized by data distribution changes, poses significant challenges to the development of effective malware detection systems. Additionally, collecting up-to-date information for training machine learning models in a centralized fashion is costly, time-consuming, and privacy-invasive. To address these shortcomings, this paper presents a novel federated learning system for collaborative mobile malware detection. M2FD leverages the collective intelligence of the user community to collect valuable contributions to the detection system while preserving user privacy. Additionally, M2FD incorporates robust concept drift detection mechanisms and model retraining strategies to ensure the adaptability of the system to changing data distributions. By effectively handling concept drift, M2FD guarantees a high ability to detect malware, with 85% accuracy and 84% F1-score, even in presence of evolving attack strategies, thus avoiding the need for frequent model retraining, reducing the retraining frequency by up to 84%, so reducing the computational burden on clients. An extensive experimental evaluation performed on KronoDroid, an open-source real-world dataset, proves the effectiveness of M2FD in detecting concept drift, minimizing model updates, and achieving high accuracy in mobile malware detection.

查看原文本刊更多论文

M2FD：概念漂移下的移动恶意软件联合检测

移动设备无处不在的扩散需要有效的恶意软件检测解决方案的可用性，以确保用户的安全和隐私。以数据分布变化为特征的移动生态系统的动态特性，对开发有效的恶意软件检测系统提出了重大挑战。此外，以集中的方式收集用于训练机器学习模型的最新信息是昂贵、耗时和侵犯隐私的。为了解决这些不足，本文提出了一种新的用于协同移动恶意软件检测的联邦学习系统。M2FD利用用户社区的集体智慧，在保护用户隐私的同时收集对检测系统的宝贵贡献。此外，M2FD结合了鲁棒的概念漂移检测机制和模型再训练策略，以确保系统对不断变化的数据分布的适应性。通过有效地处理概念漂移，M2FD保证了检测恶意软件的高能力，准确率为85%，f1得分为84%，即使存在不断发展的攻击策略，从而避免了频繁的模型再训练的需要，将再训练频率降低了84%，从而减少了客户端的计算负担。在KronoDroid（一个开源的真实世界数据集）上进行了广泛的实验评估，证明了M2FD在检测概念漂移、最小化模型更新以及在移动恶意软件检测中实现高精度方面的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.