Abstract
In recent years, federated learning (FL) has emerged as a promising approach for training machine learning (ML) models in a decentralized manner, allowing individual clients to collaboratively contribute to a global model without sharing their raw data. Given the privacy concerns in Android malware detection and the limited processing power of host devices, FL offers significant advantages in terms of privacy preservation, scalability, and the ability to address diverse malware threats. However, FL systems remain vulnerable to label-flipping attacks, in which adversaries intentionally manipulate class labels to degrade model performance during training. In this paper, we introduce two novel attack strategies tailored to FL environments: the Stealthiness-based Label-Flipping (SLF) attack, which perturbs labels with minimal detectability, and the Weight-based Adaptive Label-Flipping (WALF) attack, which dynamically selects samples to poison based on model confidence. To counter these threats, we propose two density-based defense mechanisms: a Local Outlier Factor (LOF)-based defense that leverages local density deviation, and a DBSCAN-based defense that identifies suspicious patterns through unsupervised clustering. Our comprehensive evaluation on three benchmark Android malware datasets (Drebin, Contagio, and Genome) demonstrates the superior performance of our methods. Notably, the LOF-based defense achieved up to 98.11% accuracy under the WALF attack on the Genome dataset, significantly outperforming state-of-the-art defenses such as FedDefender. These results highlight the robustness and effectiveness of our approach in securing FL-based Android malware detection systems against sophisticated adversarial threats.
| Original language | English |
|---|---|
| Journal | Neural Computing and Applications |
| Early online date | 17 Sept 2025 |
| Publication status | Early online - 17 Sept 2025 |
Keywords
- Federated Learning
- Android Malware Detection
- Label Flipping Attack
- Data Poisoning Attack
- Clustering