A Privacy-Preserving and Explainable Method for (Obfuscated) Malware Detection in Android Environment
摘要
The growing ubiquity of Android devices has made them prime targets for cyberattacks, especially through obfuscated malware that evades traditional detection techniques. This paper proposes a novel, privacy-preserving, and explainable deep learning-based method for detecting obfuscated Android malware. By combining Federated Learning and Vision Transformers, the proposed approach converts opcode sequences extracted from Android applications into images, allowing the adoption image classification models without compromising user data. Three models are trained to: (i) detect malware, (ii) identify malware obfuscated using Junk Code Insertion, and (iii) Code Reordering techniques. The use of Attention Rollout enables model explainability by highlighting opcode regions that influence predictions, thereby increasing transparency. A set of experiments on real-world malware and trusted Android applications demonstrate interesting detection performances with explainability helping to detect the opcodes responsible for the model decisions.