Explainable Machine Learning Model for Android Malware Detection
Article Sidebar
Main Article Content
Abstract
This study addresses essential cybersecurity challenges in malware detection for applications by developing an explainable machine learning framework. The Stacking Ensemble approach achieves 99.89% accuracy in malware detection while maintaining high explainability through explainable AI (XAI) techniques. The research supports Vector Machines, K-Nearest Neighbours, Logistic Regression, Decision Trees, and Random Forest classifiers with ensemble strategies (Stacking and Voting), used by SHAP and LIME for transparency. The methodology shows that permissions, different API calls, and opcode-related attributes are the features to differentiate malicious applications. Experimental results show that the Stacking Ensemble, which combines individual classifiers across all metrics (accuracy, precision, recall, F1-score), offers a transparent solution for application security that addresses the black-box nature of traditional machine learning models.
Downloads
Article Details
Section
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
How to Cite
References
H. Alamro, W. Mtouaa, S. Aljameel, A. S. Salama, M. A. Hamza, and A. Y. Othman, "Automated Android Malware Detection Using Optimal Ensemble Learning Approach for Cybersecurity," *IEEE Access*, vol. 11, pp. 72509-72517, 2023. DOI: http://doi.org/10.1109/ACCESS.2023.3294263
S. Zhang, X. Xie, and Y. Xu, "A Brute-Force Black-Box Method to Attack Machine Learning-Based Systems in Cybersecurity," *IEEE Access*, vol. 8, pp. 128250-128263, 2020. DOI: http://doi.org/10.1109/ACCESS.2020.3008495
M. B. Mwangi and S. M. Cheng, "An Adversarial Attack on ML-Based IoT Malware Detection Using Binary Diversification Techniques," *IEEE Access*, vol. 12, pp. 175563-175578, 2024. DOI: http://doi.org/10.1109/ACCESS.2024.3506841
P. Musikawan, Y. Kongsorot, I. You, and C. So-In, "An Improved Deep Learning Neural Network for the Detection and Identification of Android Malware," *IEEE Access*, vol. 11, pp. 115475-115487, 2023. DOI: http://doi.org/10.1109/ACCESS.2023.3324524
F. S. Atedjio, J.-P. Lienou, F. F. Nelson, S. S. Shetty, and C. A. Kamhoua, "CycleGAN-Gradient Penalty for Enhancing Android Adversarial Malware Detection in Grey Box Setting," *IEEE Access*, vol. 12, pp. 42513-42526, 2024. DOI: http://doi.org/10.1109/ACCESS.2024.3377938
Z. Shu and G. Yan, "EAGLE: Evasion Attacks Guided by Local Explanations Against Android Malware Classification," *IEEE Transactions
On Dependable and Secure Computing*, vol. 21, no. 6, pp. 5436-5451, Nov.-Dec. 2024. DOI: http://doi.org/10.1109/TDSC.2024.3363446
N. Moustafa, N. Koroniotis, M. Keshk, A. Y. Zomaya, and Z. Tari, "Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions," *IEEE Communications Surveys & Tutorials*, vol. 25, no. 3, pp. 1775-1807, third quarter 2023. DOI: http://doi.org/10.1109/COMST.2023.3280465
R. Kalakoti, H. Bahsi, and S. Nomm, "Improving IoT Security With Explainable AI: Quantitative Evaluation of Explainability for IoT Botnet Detection," *IEEE Access*, vol. 12, pp. 85648-85666, 2024. DOI: http://doi.org/10.1109/ACCESS.2024.3413615
A. Rashid and J. Such, "MalProtect: Stateful Defence Against Adversarial Query Attacks in ML-Based Malware Detection," *IEEE Transactions on Dependable and Secure Computing*, vol. 20, no. 4, pp. 3165-3179, July-Aug. 2023.
DOI: http://doi.org/10.1109/TDSC.2022.3194598
G. Xu, G. Xin, L. Jiao, J. Liu, S. Liu, M. Feng, and X. Zheng, "OFEI: A Semi-Black-Box Android Adversarial Sample Attack Framework Against DLaaS," *IEEE Access*, vol. 12, pp. 59673-59688, 2024. DOI: http://doi.org/10.1109/ACCESS.2024.3392823
M. M. Alani and A. I. Awad, "PAIRED: An Explainable Lightweight Android Malware Detection System," *IEEE Access*, vol. 10, pp. 73214-73228, 2022. DOI: http://doi.org/10.1109/ACCESS.2022.3189390
G. Kirubavathi and S. Nithish, "Dynamic Ensemble Learning Framework Improved with XAI To Detect Android Malware," in *Proc. 2024 International Conference on Intelligent Systems for Cybersecurity (ISCS)*, Dehradun, India, May 2024, pp. 1-6.
DOI: http://doi.org/10.1109/ISCS61804.2024.10581285
S. K. Smmarwar, G. P. Gupta, and S. Kumar, "An Explainable AI Approach for Android Malware Detection Using Deep Learning Techniques," in *Proc. 2023 IEEE World Conference on Applied Intelligence and Computing (AIC)*, Sonbhadra, India, July 2023, pp. 467-472. DOI: http://doi.org/10.1109/AIC57670.2023.10263905
R. Rajalakshmi, S. Pallavi, U. Naresh, S. Telang, and S. Kiran, "Advancing Malware Detection Using Memory Analysis and Explainable AI Approach," in *Proc. 2nd International Conference on Intelligent Cyber Physical Systems and IoT (ICoICI)*, Chennai, India, Nov. 2024, pp. 463-468. DOI: http://doi.org/10.1109/ICoICI58642.2024.10486624
A. Patel and S. M. Ghosh, "Android Malware Detection Using Explainable Machine Learning for Secure Computing," in *Proc. 2024 OPJU International Technology Conference (OTCON)*, Raigarh, India, June 2024, pp. 1-6. DOI: http://doi.org/10.1109/OTCON60325.2024.10687498
Y. Liu, C. Tantithamthavorn, L. Li, and Y. Liu, "Explainable AI for Android Malware Detection: Towards Understanding Why the Models Perform So Well?" in *Proc. 2022 IEEE 33rd International Symposium on Software Dependability, trustworthiness, and consistency Engineering (ISSRE)*, Charlotte, NC, USA, Oct. 2022, pp. 169-180. DOI: http://doi.org/10.1109/ISSRE55969.2022.00026
M. S. Chandana Snehal, V. Nagoor, S. Rohit, R. S., S. K. Thangavel, K. Srinivasan, and P. Kapoor, "Towards Explainability Using ML and Deep Learning Models for Malware Threat Detection," *IEEE Access*, vol. 12, pp. 89441-89459, 2024. DOI: http://doi.org/10.1109/ACCESS.2024.3419062