Android malware detection using machine learning based on integrated static and dynamic features
Keywords: Android malware, Machine learning, Static analysis, Dynamic analysis
Abstract
The motivation behind this study arises from the increasing rate of Android malware attacks, which threaten user privacy, data security, and financial safety. Existing detection systems often fail to identify newly developed or obfuscated malware, creating a need for a more intelligent and adaptive solution. This study addresses the growing threat of Android malware caused by the rapid rise of mobile applications and the limitations of existing detection methods. Traditional approaches such as signature-based and heuristic-based detection often fail to recognize new or obfuscated malware, leading to high false positives. To address these challenges, this research proposes a machine learning–based framework that integrates both static and dynamic features for malware detection. The system was trained and tested on a balanced dataset of 500 Android applications, consisting of 250 benign apps and 250 malware samples. The system extracts key attributes such as permissions, API calls, system calls, and network behaviors, and applies classifiers including Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Naïve Bayes, Random Forest, and Multi-Layer Perceptron (MLP). Experimental results show that dynamic features provide higher accuracy than static features alone, while combining both improves robustness. Among the models, Random Forest achieved the best performance, with an F1-score of 84.08% in the dynamic phase and 68.53% in the combined setting. The findings confirm that integrating static and dynamic features significantly enhances the accuracy and reliability of Android malware detection. This approach can assist mobile device users and cybersecurity firms in preventing malware attacks.
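The fusion step the abstract describes can be sketched as follows; this is an added example, not the paper's code. It merges static features (permissions, API calls) and dynamic features (system calls, network behaviors) into one namespaced set per app and scores a nearest-neighbour classifier by F1 on each view. The six apps, the feature tokens, the Jaccard distance, k = 1 and the leave-one-out evaluation are all assumptions of this example.

```python
# Added example; every app and feature value below is constructed.

def app(label, static, dynamic):
    """label: 1 = malware, 0 = benign. Features are space-separated tokens."""
    return {"label": label, "static": set(static.split()),
            "dynamic": set(dynamic.split())}

APPS = [
    app(0, "perm.INTERNET perm.CAMERA api.openConnection",
        "sys.read sys.write net.https"),
    app(0, "perm.INTERNET perm.READ_CONTACTS api.openConnection",
        "sys.read sys.connect net.https"),
    app(0, "perm.INTERNET perm.SEND_SMS api.sendTextMessage",
        "sys.read sys.write sys.connect net.https"),
    app(1, "perm.INTERNET perm.SEND_SMS api.sendTextMessage api.getDeviceId",
        "sys.connect sys.ptrace net.cleartext_http"),
    app(1, "perm.INTERNET perm.READ_CONTACTS api.openConnection api.getDeviceId",
        "sys.read sys.connect sys.ptrace net.cleartext_http"),
    app(1, "perm.INTERNET perm.SEND_SMS perm.READ_CONTACTS api.getDeviceId",
        "sys.connect sys.ptrace net.cleartext_http net.https"),
]

def fuse(a, views):
    """Union of the chosen views, namespaced so static and dynamic never collide."""
    return {f"{v}/{feat}" for v in views for feat in a[v]}

def jaccard_distance(x, y):
    union = x | y
    return 1.0 - len(x & y) / len(union) if union else 0.0

def predict(train, target, views):
    """1-nearest-neighbour label; min() keeps the first app on a distance tie."""
    t = fuse(target, views)
    return min(train, key=lambda a: jaccard_distance(fuse(a, views), t))["label"]

def f1_leave_one_out(apps, views):
    """Hold each app out in turn, classify it from the rest, score F1 on malware."""
    tp = fp = fn = 0
    for i, a in enumerate(apps):
        pred = predict(apps[:i] + apps[i + 1:], a, views)
        tp += pred == 1 and a["label"] == 1
        fp += pred == 1 and a["label"] == 0
        fn += pred == 0 and a["label"] == 1
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

if __name__ == "__main__":
    for views in (["static"], ["dynamic"], ["static", "dynamic"]):
        print("+".join(views), round(f1_leave_one_out(APPS, views), 4))
```

The scores it prints come from the six constructed apps only and are not comparable to the F1 values reported in the abstract.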