OPTIMIZING ANDROID MALWARE DETECTION VIA HYBRID FEATURE SELECTION : A STUDY ON Z-TEST, MIFS & PSO

Abstract

The increasing prevalence of Android malware poses significant security risks, necessi- tating efficient detection techniques. With Android being the mobile operating system with the largest user base, it has become a key focus for harmful apps that take advan- tage of weaknesses to breach user privacy and device functionality. The rapid evolution and obfuscation of malware further challenge traditional detection approaches, making advanced detection strategies crucial. This study explores Android malware detection using binary data while optimizing feature selection through Z-test, Mutual Information Feature Selection (MIFS), and Par- ticle Swarm Optimization (PSO). Binary representation provides a structured and com- pact format, enabling consistent feature extraction from Android application packages (APKs). The three feature selection techniques employed in this study aim to eliminate irrelevant or redundant features, thereby enhancing model efficiency and detection ac- curacy. Z-test helps in identifying statistically significant features, MIFS evaluates the relevance of features based on mutual information, and PSO searches for an optimal feature subset using a population-based heuristic. We analyze malware detection performance across three feature sets—hardware, in- tents, and permissions—comparing results with and without feature selection. These feature categories are commonly used in static analysis and provide critical insights into app behavior, making them valuable for classification tasks. The comparison helps assess how much the selected features contribute to classification performance while reducing computational burden. Experimental findings reveal that applying feature selection significantly reduces the number of features (from 297 to as few as 55) while maintaining or improving classifi- cation accuracy. This reduction not only minimizes overfitting but also speeds up the training process. The model with the best performance achieved 97% accuracy, demon- strating that feature selection enhances malware detection while reducing computational complexity. The study confirms that thoughtful feature selection is essential for building lightweight, high-performing malware classifiers suited for real-world deployment.