AI-powered malware detection with Differential Privacy for zero trust security in Internet of Things networks

Abstract

The widespread usage of Android-powered devices in the Internet of Things (IoT) makes them susceptible to evolving cybersecurity threats. Most healthcare devices in IoT networks, such as smart watches, smart thermometers, biosensors, and more, are powered by the Android operating system, where preserving the privacy of user-sensitive data is of utmost importance. Detecting Android malware is thus vital for protecting sensitive information and ensuring the reliability of IoT networks. This article focuses on AI-enabled Android malware detection for improving zero trust security in IoT networks, which requires Android applications to be verified and authenticated before providing access to network resources. The zero trust security model requires strict identity verification for every entity trying to access resources on a private network, regardless of whether they are inside or outside the network perimeter. Our proposed solution, DP-RFECV-FNN, an innovative approach to Android malware detection that employs Differential Privacy (DP) within a Feedforward Neural Network (FNN) designed for IoT networks under the zero trust model. By integrating DP, we ensure the confidentiality of data during the detection process, setting a new standard for privacy in cybersecurity solutions. By combining the strengths of DP and zero trust security with the powerful learning capacity of the FNN, DP-RFECV-FNN demonstrates the ability to identify both known and novel malware types and achieves higher accuracy while maintaining strict privacy controls compared with recent papers. DP-RFECV-FNN achieves an accuracy ranging from 97.78% to 99.21% while utilizing static features and 93.49% to 94.36% for dynamic features of Android applications to detect whether it is malware or benign. These results are achieved under varying privacy budgets, ranging from $ϵ=0.1$ to $ϵ=1.0$. Furthermore, our proposed feature selection pipeline enables us to outperform the state-of-the-art by significantly reducing the number of selected features and training time while improving accuracy. To the best of our knowledge, this is the first work to categorize Android malware based on both static and dynamic features through a privacy-preserving neural network model.