A Lightweight On-Device Detection Method for Android Malware

Abstract

Android malware poses severe threats to users, hence raising an urgent demand for malware detection. In-cloud Android malware detection often suffers privacy leakage and communication overheads. Therefore, this article focuses on on-device Android malware detection. At present, on-device malware detectors are usually trained on servers and then transplanted to mobile devices (e.g., smartphones). In practice, on-device training is particularly important due to the demand for offline updates. Because mobile devices are limited in resource, however, on-device training is hard to implement, especially for those high-complexity malware detectors. To overcome this challenge, we design a lightweight on-device Android malware detector, based on the recently proposed broad learning method. Our detector mainly uses one-shot computation for model training. Hence it can be fully or incrementally trained directly on mobile devices. As far as detection accuracy is concerned, our detector outperforms the shallow learning-based models, including support vector machine (SVM) and AdaBoost, and approaches the deep learning-based models multilayer perceptron (MLP) and convolutional neural network (CNN). Moreover, our detector is more robust to adversarial examples than the existing detectors, and its robustness can be further improved through on-device model retraining. Finally, its advantages are confirmed by extensive experiments, and its practicality is demonstrated through runtime evaluation on smartphones.