FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System

Changnan Jiang; Chunhe Xia; Zhuodong Liu; Tianbo Wang

doi:10.1007/978-3-031-40289-0_15

FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System

Changnan Jiang
, Chunhe Xia
, Zhuodong Liu
, Tianbo Wang^*

^*Corresponding author for this work

Beihang University
Guangxi Normal University
Shanghai Key Laboratory of Computer Software Evaluating and Testing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary’s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user’s sensitive information (Such as the category of the user’s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user’s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP’s ability to protect user’s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8% higher classification accuracy) in the same privacy budget.

Original language	English
Title of host publication	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
Editors	Zhi Jin, Yuncheng Jiang, Wenjun Ma, Robert Andrei Buchmann, Ana-Maria Ghiran, Yaxin Bi
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	184-199
Number of pages	16
ISBN (Print)	9783031402883
DOIs	https://doi.org/10.1007/978-3-031-40289-0_15
State	Published - 2023
Event	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings - Guangzhou, China Duration: 16 Aug 2023 → 18 Aug 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14119 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
Country/Territory	China
City	Guangzhou
Period	16/08/23 → 18/08/23

Keywords

Android malware classification
Federated learning
Privacy-preserving
Sensitive knowledge

Access to Document

10.1007/978-3-031-40289-0_15

Cite this

Jiang, C., Xia, C., Liu, Z., & Wang, T. (2023). FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. In Z. Jin, Y. Jiang, W. Ma, R. A. Buchmann, A.-M. Ghiran, & Y. Bi (Eds.), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings (pp. 184-199). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14119 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-40289-0_15

Jiang, Changnan ; Xia, Chunhe ; Liu, Zhuodong et al. / FedDroidADP : An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. editor / Zhi Jin ; Yuncheng Jiang ; Wenjun Ma ; Robert Andrei Buchmann ; Ana-Maria Ghiran ; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. pp. 184-199 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e698576aed6646e09ab02c8ee2a38e35,

title = "FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System",

abstract = "Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary{\textquoteright}s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user{\textquoteright}s sensitive information (Such as the category of the user{\textquoteright}s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user{\textquoteright}s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP{\textquoteright}s ability to protect user{\textquoteright}s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8\% higher classification accuracy) in the same privacy budget.",

keywords = "Android malware classification, Federated learning, Privacy-preserving, Sensitive knowledge",

author = "Changnan Jiang and Chunhe Xia and Zhuodong Liu and Tianbo Wang",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings ; Conference date: 16-08-2023 Through 18-08-2023",

year = "2023",

doi = "10.1007/978-3-031-40289-0\_15",

language = "英语",

isbn = "9783031402883",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "184--199",

editor = "Zhi Jin and Yuncheng Jiang and Wenjun Ma and Buchmann, \{Robert Andrei\} and Ana-Maria Ghiran and Yaxin Bi",

booktitle = "Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings",

address = "德国",

}

Jiang, C, Xia, C, Liu, Z & Wang, T 2023, FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. in Z Jin, Y Jiang, W Ma, RA Buchmann, A-M Ghiran & Y Bi (eds), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14119 LNAI, Springer Science and Business Media Deutschland GmbH, pp. 184-199, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings, Guangzhou, China, 16/08/23. https://doi.org/10.1007/978-3-031-40289-0_15

FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. / Jiang, Changnan; Xia, Chunhe; Liu, Zhuodong et al.
Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. ed. / Zhi Jin; Yuncheng Jiang; Wenjun Ma; Robert Andrei Buchmann; Ana-Maria Ghiran; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. p. 184-199 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14119 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - FedDroidADP

T2 - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

AU - Jiang, Changnan

AU - Xia, Chunhe

AU - Liu, Zhuodong

AU - Wang, Tianbo

PY - 2023

Y1 - 2023

N2 - Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary’s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user’s sensitive information (Such as the category of the user’s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user’s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP’s ability to protect user’s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8% higher classification accuracy) in the same privacy budget.

AB - Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary’s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user’s sensitive information (Such as the category of the user’s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user’s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP’s ability to protect user’s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8% higher classification accuracy) in the same privacy budget.

KW - Android malware classification

KW - Federated learning

KW - Privacy-preserving

KW - Sensitive knowledge

UR - https://www.scopus.com/pages/publications/85173007182

U2 - 10.1007/978-3-031-40289-0_15

DO - 10.1007/978-3-031-40289-0_15

M3 - 会议稿件

AN - SCOPUS:85173007182

SN - 9783031402883

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 184

EP - 199

BT - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

A2 - Jin, Zhi

A2 - Jiang, Yuncheng

A2 - Ma, Wenjun

A2 - Buchmann, Robert Andrei

A2 - Ghiran, Ana-Maria

A2 - Bi, Yaxin

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 16 August 2023 through 18 August 2023

ER -

Jiang C, Xia C, Liu Z, Wang T. FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. In Jin Z, Jiang Y, Ma W, Buchmann RA, Ghiran AM, Bi Y, editors, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 184-199. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-40289-0_15

FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this