Android malware classification using optimum feature selection and ensemble machine learning
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
The majority of smartphones on the market run on the Android operating system. Security has been a core concern with this platform since it allows users to install apps from unknown sources. With thousands of apps being produced and launched daily, malware detection using Machine Learning (ML) has attracted significant attention compared to traditional detection techniques. Despite academic and commercial efforts, developing an efficient and reliable method for classifying malware remains challenging. As a result, several datasets for malware analysis have been generated and made available during the past ten years. These datasets may contain static features, such as API calls, intents, and permissions, or dynamic features, like logcat errors, shared memory, and system calls. Dynamic analysis is more resilient when it comes to code obfuscation. Though binary classification and multi-classification have been carried out in recent studies, the latter provides valuable insight into the nature of malware. Because each malware variant operates differently, identifying its category might help prevent it. Using the well-known ensemble ML approach called weighted voting, this study performed dynamic feature analysis for multi-classification. Random Forest, K-nearest Neighbors, Multi-Level Perceptrons, Decision Trees, Support Vector Machines, and Logistic Regression are all studied in this ensemble model. We used a recent dataset named CCCS-CIC-AndMal-2020, which contains an extensive collection of Android applications and malware samples. A well-researched data preparation phase followed by weighted voting based on R2 scores of the ML classifiers presents an accuracy of 95.0% even after excluding 60.2% features, outperforming all recent studies.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.000 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.001 |
| Open science | 0.000 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it