uitAnDiNeFed: android malware classification on distributed networks by using federated learning

Android operating system has become the most popular mobile operating system in recent years. This operating system is one of the targets most frequently attacked by hackers. Given these trends, Android malware classification has become necessary. Several studies have applied machine learning to the detection and classification Android malware. However, these studies have mainly followed centralized models. The training process was conducted on a single computer. This approach does not take advantage of the hardware resources of the many devices in distributed networks. In other studies, the training process has been deployed on multiple devices. However, they duplicated the dataset for all devices. This approach has several limitations in terms of storage space, bandwidth and privacy. Federated learning overcomes these limitations. In this study, we propose an Android malware classification system in distributed networks using federated learning called uitAnDiNeFed. The proposed system not only ensures the privacy of the subdatasets on distributed devices but also increases the accuracy when aggregating the global model from their local models. The proposed system was evaluated using the CICAndMal2020 dataset. We used three dataset partitioning scenarios: non-IID (non-independently and identically distributed), half-IID, and IID. The experimental results showed that the accuracy of the proposed system was highest when the IID dataset distribution was used. This result indicates that the proposed system can be used for other domains in a distributed network environment such as intrusion and DDoS detection.