Privacy-Preserving Android Malware Detection Using Deep Federated Learning

---

Résumé

This work represents a major breakthrough in the fields of legal Technology, digital governance and mobile cybersecurity. Malware attacks on Android are increasing daily at a considerable volume, making Android users more vulnerable to cyberattacks. In response to this growing threat, researchers have developed numerous machine learning and deep learning techniques to detect and mitigate these attacks. However, technological advances have led to an increase in the number of Android mobile devices, which are geographically dispersed, resulting in a distribution of data. This paper proposes an Android malware classification system based on federated learning (FL). To test our approach, we used four key datasets: Drebin, MalGenome, TUANDROMD and Kronodroid.We developed a neural network with a federated architecture and evaluated different algorithms, namely Multi-Layer Perceptron (MLP), Recurrent Neural Network (RNN), Deep Neural Network (DNN) and Convolutional Neural Network 1D (CNN Conv1D). The best-performing model is CNN Conv1D, achieving a precision of 97.62% and a recall of 98.15%. our federated approach maintains an optimal balance, effectively reducing false alarms while maximizing threat detection. The comparison of our approach with traditional centralized machine learning architecture reveals that it offers an optimal compromise between security, confidentiality and performance.This approach demonstrates that institutions can collaboratively train high-performance models on diverse and large-scale Android malware datasets without compromising user privacy. It brings key innovations, including a hybrid static and dynamic analysis, a comparative evaluation of multiple FL-compatible architectures, a contrastive study with centralized learning, and a real-world mobile deployment for on-device threat detection

Mots-clés

Android (operating system), Malware, Federated learning, Server, Mobile device