FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System

Changnan Jiang; Chunhe Xia; Zhuodong Liu; Tianbo Wang

doi:10.1007/978-3-031-40289-0_15

FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System

Changnan Jiang
, Chunhe Xia
, Zhuodong Liu
, Tianbo Wang^*

^*此作品的通讯作者

Beihang University
Guangxi Normal University
Shanghai Key Laboratory of Computer Software Evaluating and Testing

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

2 引用（Scopus）

摘要

Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary’s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user’s sensitive information (Such as the category of the user’s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user’s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP’s ability to protect user’s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8% higher classification accuracy) in the same privacy budget.

源语言	英语
主期刊名	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
编辑	Zhi Jin, Yuncheng Jiang, Wenjun Ma, Robert Andrei Buchmann, Ana-Maria Ghiran, Yaxin Bi
出版商	Springer Science and Business Media Deutschland GmbH
页	184-199
页数	16
ISBN（印刷版）	9783031402883
DOI	https://doi.org/10.1007/978-3-031-40289-0_15
出版状态	已出版 - 2023
活动	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings - Guangzhou, 中国期限: 16 8月 2023 → 18 8月 2023

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	14119 LNAI
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
国家/地区	中国
市	Guangzhou
时期	16/08/23 → 18/08/23

访问文件

10.1007/978-3-031-40289-0_15

其它文件与链接

链接到 Scopus 的出版物

引用此

Jiang, C., Xia, C., Liu, Z., & Wang, T. (2023). FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. 在 Z. Jin, Y. Jiang, W. Ma, R. A. Buchmann, A.-M. Ghiran, & Y. Bi (编辑), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings (页码 184-199). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14119 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-40289-0_15

Jiang, Changnan ; Xia, Chunhe ; Liu, Zhuodong 等. / FedDroidADP : An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. 编辑 / Zhi Jin ; Yuncheng Jiang ; Wenjun Ma ; Robert Andrei Buchmann ; Ana-Maria Ghiran ; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. 页码 184-199 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e698576aed6646e09ab02c8ee2a38e35,

title = "FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System",

abstract = "Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary{\textquoteright}s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user{\textquoteright}s sensitive information (Such as the category of the user{\textquoteright}s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user{\textquoteright}s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP{\textquoteright}s ability to protect user{\textquoteright}s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8\% higher classification accuracy) in the same privacy budget.",

keywords = "Android malware classification, Federated learning, Privacy-preserving, Sensitive knowledge",

author = "Changnan Jiang and Chunhe Xia and Zhuodong Liu and Tianbo Wang",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings ; Conference date: 16-08-2023 Through 18-08-2023",

year = "2023",

doi = "10.1007/978-3-031-40289-0\_15",

language = "英语",

isbn = "9783031402883",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "184--199",

editor = "Zhi Jin and Yuncheng Jiang and Wenjun Ma and Buchmann, \{Robert Andrei\} and Ana-Maria Ghiran and Yaxin Bi",

booktitle = "Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings",

address = "德国",

}

Jiang, C, Xia, C, Liu, Z & Wang, T 2023, FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. 在 Z Jin, Y Jiang, W Ma, RA Buchmann, A-M Ghiran & Y Bi (编辑), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 14119 LNAI, Springer Science and Business Media Deutschland GmbH, 页码 184-199, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings, Guangzhou, 中国, 16/08/23. https://doi.org/10.1007/978-3-031-40289-0_15

FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. / Jiang, Changnan; Xia, Chunhe; Liu, Zhuodong 等.
Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. 编辑 / Zhi Jin; Yuncheng Jiang; Wenjun Ma; Robert Andrei Buchmann; Ana-Maria Ghiran; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. 页码 184-199 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14119 LNAI).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - FedDroidADP

T2 - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

AU - Jiang, Changnan

AU - Xia, Chunhe

AU - Liu, Zhuodong

AU - Wang, Tianbo

PY - 2023

Y1 - 2023

N2 - Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary’s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user’s sensitive information (Such as the category of the user’s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user’s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP’s ability to protect user’s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8% higher classification accuracy) in the same privacy budget.

AB - Federated-Learning-based Android malware classification framework has attracted much attention due to its privacy-preserving and multi-party joint modeling. However, research shows indirect privacy inferences from curious central servers threaten this framework. Adding noise to the model parameters to limit the adversary’s inference to sensitive knowledge is widely used to prevent this threat. Still, it dramatically reduces the classification performance of the model. In response to this challenge, we propose a privacy-preserving framework FedDroidADP, which can adapt to the law of privacy risk distribution to protect the privacy of FL-based Android malware classifier users while maintaining model utility. First, we estimate the privacy risk of Android users in the classification system by calculating the mutual information between the sharing gradient and the user’s sensitive information (Such as the category of the user’s app and malware). Then, we designed an adaptive differential privacy protection mechanism ADP according to the distribution law of the privacy risk in time and space dimensions. The mechanism calculates the added lightweight noise required to protect the user’s sensitive information (to a certain extent) in a fine-grained manner to trade off model privacy and utility during the training of Android malware classification models. Extensive experiments on the Androzoo dataset show that FedDroidADP’s ability to protect user’s sensitive information is superior to the baseline differential privacy methods and achieves better model utility (about 8% higher classification accuracy) in the same privacy budget.

KW - Android malware classification

KW - Federated learning

KW - Privacy-preserving

KW - Sensitive knowledge

UR - https://www.scopus.com/pages/publications/85173007182

U2 - 10.1007/978-3-031-40289-0_15

DO - 10.1007/978-3-031-40289-0_15

M3 - 会议稿件

AN - SCOPUS:85173007182

SN - 9783031402883

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 184

EP - 199

BT - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

A2 - Jin, Zhi

A2 - Jiang, Yuncheng

A2 - Ma, Wenjun

A2 - Buchmann, Robert Andrei

A2 - Ghiran, Ana-Maria

A2 - Bi, Yaxin

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 16 August 2023 through 18 August 2023

ER -

Jiang C, Xia C, Liu Z, Wang T. FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System. 在 Jin Z, Jiang Y, Ma W, Buchmann RA, Ghiran AM, Bi Y, 编辑, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. 页码 184-199. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-40289-0_15

FedDroidADP: An Adaptive Privacy-Preserving Framework for Federated-Learning-Based Android Malware Classification System

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此