GSIDroid: A Suspicious Subgraph-Driven and Interpretable Android Malware Detection System.

Authors: Huang Hong, Huang Weitao, Jiang Feng
In recent years, the growing threat of Android malware has caused significant economic losses and posed serious risks to user security and privacy. Machine learning-based detection approaches have improved the accuracy of malware identification, thereby providing more effective protection for Android users. However, graph-based detection methods rely on whole-graph computations instead of subgraph-level analyses, and they often ignore the semantic information of individual nodes. Moreover, limited attention has been paid to the interpretability of these models, hindering a deeper understanding of malicious behaviors and restricting their utility in supporting cybersecurity professionals for further in-depth research. To address these challenges, we propose GSIDroid, a novel subgraph-driven and interpretable Android malware detection framework designed to enhance detection performance, reduce computational overhead, protect user security, and assist security experts in rigorous malware analysis. GSIDroid focuses on extracting suspicious subgraphs, integrating deep and shallow-semantic features with permission information, and incorporating both global and local interpretability modules to ensure transparent, trustworthy, and analyzable detection results. Experiments conducted on 14,520 samples demonstrate that GSIDroid achieves an F1 score of 97.14%, and its interpretability module successfully identifies critical nodes and permission features that influence detection decisions, thereby enhancing practical deployment and supporting further security research.
