TabLSTMNet: enhancing android malware classification through integrated attention and explainable AI

Namrata Govind Ambekar, N. Nandini Devi, Surmila Thokchom, Yogita
DOI: https://doi.org/10.1007/s00542-024-05615-0
2024-03-15
Microsystem Technologies
Abstract: The proliferation of Android applications and their extensive adoption within the smartphone sector has contributed to an upsurge in malware infiltration and exploitation. Vulnerabilities in Android applications include the ability to modify devices remotely, obtain unauthorized access, and violate privacy, thereby endangering system security and user welfare. In previous research, machine learning has been shown to be effective in identifying malware events and spyware types. Nevertheless, attackers consistently develop more sophisticated methods of evasion. The application of traditional machine learning (ML) models is restricted in various domains due to their "black box" nature. Consequently, complex ML models are endowed with interpretability and explicability by eXplainable Artificial Intelligence (XAI). This study constructs an Android malware classification model called TabLSTMNet using updated datasets. The model employs the NATICUSdroid dataset and the TUNADROMD dataset, consisting of Android permissions and API features. The proposed TabLSTMNet model distinguishes benign and malicious applications by integrating TabNet's attention mechanism and the long short-term memory (LSTM) architecture. Features derived from both models are fused and a soft voting classifier is utilized to determine the ultimate results. The TabLSTMNet model achieved an accuracy of 0.9710 on the NATICUSdroid dataset and 0.9800 on the TUNADROMD dataset. Additionally, XAI methodologies are employed to elucidate the efficacy of the TabLSTMNet classifier. The classification model incorporates Local Interpretable Model-agnostic Explanation (LIME) and Shapley Additive Explanation (SHAP) to account for the contributions of local and global features, respectively. By proactively identifying instances of Android malware, the proposed model may reduce the number of victims and increase user confidence.
engineering, electrical & electronic; materials science, multidisciplinary; nanoscience & nanotechnology; physics, applied