FEdroid: Lightweight and Interpretable Detection of Android Malware Using Local Key Information and Feature Selection

Abstract

The Android operating system, the most widely adopted mobile platform globally thanks to its open-source nature and flexibility, faces significant security challenges, particularly from malicious software. Existing research on malicious software detection often involves complex feature engineering, which can be cumbersome and prone to noise, and it often lacks effective feature selection mechanisms. Moreover, some studies that employ deep learning methods exhibit lower efficiency. This paper proposes a lightweight and interpretable Android malicious software detection system, named "FEdroid," based on machine learning. The system simplifies the analysis process and extracts crucial information by focusing on code sections that use sensitive APIs. It uses XGBoost for cross-feature selection, concentrating on a minimal yet essential feature set to enhance detection accuracy while reducing device resource consumption. Experimental results demonstrate that the system achieves 98.26% accuracy and only a 1.86% false negative rate on 18,653 APK samples, significantly improving detection efficiency and accuracy while effectively lowering resource consumption. Furthermore, applying Shapley values for interpretability analysis substantially enhances the transparency and comprehensibility of the classifier model, thereby significantly boosting the overall interpretability of the system.
