Privacy‑preserving Malware Detection In Mobile Wireless Networks: Implementation and Evaluation

This paper presents the implementation and empirical evaluation of a privacy‑preserving malware detection system for mobile wireless networks. Building directly on a layered theoretical framework, the prototype incorporates essential privacy primitives into a production workflow. The system features early-stage anonymisation (using k-anonymity with k=5 for quasi-identifiers like SEND_SMS), on-device encryption (Advanced Encryption Standard, AES-256/128), secure key transport via Elliptic Curve Cryptography (ECC), and onion-routing-inspired relays for network-level security and anonymity. A Feature Engineering Engine (FEE) extracts behaviour signals, which are then consumed by a detection engine that combines machine learning (ML) with mathematically grounded indicators (entropy, Markov chains, graph‑based relations). Using public datasets (Drebin, MalGenome, and CCCS‑CIC‑AndMal2020), we empirically assess detection accuracy and privacy–utility trade‑offs. Results demonstrate that the integrated privacy approach maintains nearly optimal detection accuracy (98.6% to 98.9% overall), confirming the theoretical viability of the design. Notably, anonymising quasi-identifiers (QIs) through k-anonymity resulted in a negligible decline in accuracy (~0.2 percentage points), and excluding AES-protected features from training did not reduce performance, demonstrating the system's resilience when sensitive data is hidden. This implementation demonstrates the feasibility of balancing strong security with effective threat detection in resource-constrained mobile environments, while explicitly acknowledging the current limitations related to unquantifiable CPU and battery overheads and the need for formal cryptographic proofs.

Micheal Ahimbisibwe
University of Johannesburg
Uganda

Khutso Lebea
University of Johannesburg
South Africa
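
The abstract names k-anonymity with k=5 over quasi-identifiers such as SEND_SMS but does not say how the prototype enforces it. The following added example (not the authors' code) shows one common approach, suppressing rare quasi-identifier combinations, on constructed app records; the READ_CONTACTS and INTERNET columns, the record layout and all function names are assumptions.

```python
from collections import Counter

K = 5                 # k stated in the abstract
SUPPRESSED = "*"      # marker for a masked quasi-identifier value
QI = ["SEND_SMS", "READ_CONTACTS", "INTERNET"]  # assumed QI columns

def _key(rec, qi):
    return tuple(rec[f] for f in qi)

def class_sizes(records, qi=QI):
    """Size of each equivalence class (records sharing all QI values)."""
    return Counter(_key(r, qi) for r in records)

def is_k_anonymous(records, qi=QI, k=K):
    return all(n >= k for n in class_sizes(records, qi).values())

def anonymise(records, qi=QI, k=K):
    """Mask QI columns (last listed first) in records whose class is
    smaller than k; drop records whose class is still too small."""
    out = [dict(r) for r in records]          # never mutate the input
    for field in reversed(qi):
        sizes = class_sizes(out, qi)
        rare = [r for r in out if sizes[_key(r, qi)] < k]
        if not rare:
            break
        for r in rare:
            r[field] = SUPPRESSED
    sizes = class_sizes(out, qi)
    return [r for r in out if sizes[_key(r, qi)] >= k]

def _rows(n, sms, contacts, net, label):
    return [{"SEND_SMS": sms, "READ_CONTACTS": contacts,
             "INTERNET": net, "label": label} for _ in range(n)]

# Constructed sample: 17 app records, label 1 = malware, 0 = benign.
SAMPLE = (_rows(6, 1, 1, 1, 1) + _rows(5, 0, 0, 1, 0) + _rows(2, 1, 0, 1, 1)
          + _rows(3, 1, 0, 0, 0) + _rows(1, 0, 1, 0, 0))

if __name__ == "__main__":
    released = anonymise(SAMPLE)
    print("input k-anonymous: ", is_k_anonymous(SAMPLE))
    print("output k-anonymous:", is_k_anonymous(released))
    print("records kept:", len(released), "of", len(SAMPLE))
    for key, n in sorted(class_sizes(released).items(), key=str):
        print(key, n)
```

The class labels pass through untouched, so a detector can still be trained on the released rows; only the one record that stays unique after full suppression is withheld.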