Manara - Qatar Research Repository

AI-powered malware detection with Differential Privacy for zero trust security in Internet of Things networks

journal contribution
submitted on 2025-08-04, 08:09 and posted on 2025-08-04, 08:10 authored by Faria Nawshin, Devrim Unal, Mohammad Hammoudeh, Ponnuthurai N. Suganthan
The widespread usage of Android-powered devices in the Internet of Things (IoT) makes them susceptible to evolving cybersecurity threats. Most healthcare devices in IoT networks, such as smart watches, smart thermometers, biosensors, and more, are powered by the Android operating system, where preserving the privacy of user-sensitive data is of utmost importance. Detecting Android malware is thus vital for protecting sensitive information and ensuring the reliability of IoT networks. This article focuses on AI-enabled Android malware detection for improving zero trust security in IoT networks, which requires Android applications to be verified and authenticated before providing access to network resources. The zero trust security model requires strict identity verification for every entity trying to access resources on a private network, regardless of whether they are inside or outside the network perimeter. Our proposed solution, DP-RFECV-FNN, is an innovative approach to Android malware detection that employs Differential Privacy (DP) within a Feedforward Neural Network (FNN) designed for IoT networks under the zero trust model. By integrating DP, we ensure the confidentiality of data during the detection process, setting a new standard for privacy in cybersecurity solutions. By combining the strengths of DP and zero trust security with the powerful learning capacity of the FNN, DP-RFECV-FNN demonstrates the ability to identify both known and novel malware types and achieves higher accuracy while maintaining strict privacy controls compared with recent papers. DP-RFECV-FNN achieves an accuracy ranging from 97.78% to 99.21% while utilizing static features and 93.49% to 94.36% for dynamic features of Android applications to detect whether an application is malware or benign. These results are achieved under varying privacy budgets, ranging from ϵ = 0.1 to ϵ = 1.0. Furthermore, our proposed feature selection pipeline enables us to outperform the state-of-the-art by significantly reducing the number of selected features and training time while improving accuracy. To the best of our knowledge, this is the first work to categorize Android malware based on both static and dynamic features through a privacy-preserving neural network model.

Other Information

Published in: Ad Hoc Networks
License: http://creativecommons.org/licenses/by/4.0/
See article on publisher's website: https://dx.doi.org/10.1016/j.adhoc.2024.103523

Funding

Open Access funding provided by the Qatar National Library.

Language

  • English

Publisher

Elsevier

Publication Year

  • 2024

License statement

This Item is licensed under the Creative Commons Attribution 4.0 International License.

Institution affiliated with

  • Qatar University
  • KINDI Center for Computing Research - CENG
  • College of Engineering - QU