EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion

Wentao Wei, Jie Wang, Zheng Yan*, Wenxiu Ding

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

4 Citations (Scopus)


Android has stood at a predominant position in mobile operating systems for many years. However, its popularity and openness make it a desirable target of malicious attackers. There is an increasing need for mobile malware detection. Existing analysis methods fall into two categories, i.e., static analysis and dynamic analysis. The dynamic analysis is more effective and timely than the static one, but it incurs a high computational overhead, thus cannot be deployed in resource-constrained mobile devices. Existing studies solve this issue by outsourcing malware detection to the cloud. However, the privacy of mobile app runtime data uploaded to the cloud is not well preserved during both detection model training and malware detection. Numerous efforts have been made to preserve privacy with cryptography, which suffers from high computational overhead and low flexibility. To address these issues, in this paper, we propose an Intel SGX-empowered mobile malware detection scheme called EPMDroid. We also design a probabilistic data structure based on cuckoo filters, named CuckooTable, to effectively fuse features for detection and achieve high space efficiency. We conduct both theoretical analysis and real-world data based tests on EPMDroid performance. Experimental results show that EPMDroid can speed up malware detection by up to 43.8 times and save memory space by up to 3.7 times with the same accuracy, as compared to a baseline method.

Original languageEnglish
Pages (from-to)43-57
Number of pages15
JournalInformation Fusion
Early online dateJan 2022
Publication statusPublished - Jun 2022
MoE publication typeA1 Journal article-refereed


  • Data fusion
  • Intel SGX
  • Malware detection
  • Privacy preservation
  • Probabilistic data structures


Dive into the research topics of 'EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion'. Together they form a unique fingerprint.

Cite this