EFFICIENT ANDROID MALWARE DETECTION USING INCREMENTAL LEARNING WITH SGDCLASSIFIER

Abstract

Malware that targets sensitive user data and system resources has dramatically increased security vulnerabilities as a result of the growing adoption of Android smartphones and mobile applications. Given Android’s open-source nature and widespread adoption, it has become a primary target for malicious software. Traditional malware detection methods—particularly those based on static datasets—are increasingly unable to cope with the dynamic and evolving nature of modern threats. This has motivated a shift toward more adaptive and scalable solutions. This thesis presents an efficient Android malware detection system using incremental learning with the Stochastic Gradient Descent Classifier (SGDClassifier). Our approach is grounded in static analysis, which offers several advantages including faster processing time, scalability, and the ability to analyze apps without execution. The core contribution lies in the integration of diverse static features—such as application permissions, intent signals, and hardware metadata—to form a comprehensive feature representation of each app. These features are then fed into an incrementally trained SGDClassifier, which updates its model over successive mini- batches of data, eliminating the need for complete retraining and making it highly suitable for real- time application. We use a dataset of 24,140 Android applications sourced from the AndroZoo repository, evenly split between benign and malicious samples. Each application's static features are encoded into structured vectors to be processed incrementally. The classifier is trained using small batches, progressively refining its decision boundary with each new set of samples. This setup emulates real-world environments like app marketplaces where new data is constantly arriving. Malware that targets sensitive user data and system resources has dramatically increased security vulnerabilities as a result of the growing adoption of Android smartphones and mobile applications. Notably, the incremental learning setup helps address issues of concept drift, computational overhead, and scalability, which are critical in dynamic cybersecurity ecosystems. In conclusion, this work demonstrates that incremental learning, specifically using SGDClassifier, offers a practical and high-performance solution for Android malware detection. It ensures continual adaptation, efficient computation, and accurate classification, paving the way for deployment in large-scale mobile security systems.