KWG-RFE: A TRI-STAGE HYBRID FEATURE REDUCTION FRAMEWORK FOR ANDROID MALWARE DETECTION

Abstract

Mobile computing has been transformed by the quick development and broad use of An- droid smartphones, but this has also given cybercriminals a larger attack surface. Among these, mobile malware poses the greatest threat to data, privacy, and system integrity for both individuals and companies. As a result, reliable, effective, and precise malware detection techniques that are exclusive to the Android ecosystem are desperately needed. This thesis introduces KWG-RFE, a hybrid feature selection strategy that offers a fresh approach to Android malware detection. This strategy combines three complementing techniques: Recursive Feature Elimination (RFE), Graph-based feature analysis, and the Kruskal-Wallis statistical test. These elements function in concert to filter and rank fea- tures according to their significance and effect on classification performance. The proposed method was validated using a large dataset of over 111,000 Android appli- cations, which included both malicious and benign samples. Each program had a num- ber of components removed, including hardware-related parts, intent filters, permissions, and API calls. In order to reduce dimensionality while maintaining crucial information pertinent to malware identification, these features were subsequently put through the KWG-RFE selection procedure. Both the full and reduced feature sets were used to train and assess a number of ma- chine learning classifiers, such as Random Forests, Decision Trees, and Support Vector Machines. With a full feature set of 97.75% and a competitive 94.50% accuracy after ap- plying the KWG-RFE feature reduction, the Random Forest classifier showed the highest detection accuracy among them. The findings show that, without compromising classi- fication performance, the suggested hybrid feature selection approach is quite successful at removing superfluous and unnecessary characteristics. All things considered, this study shows how effective it is to combine algorithmic, struc- tural, and statistical feature selection methods when it comes to Android malware de- tection. The suggested KWG-RFE approach is a useful addition to the field of mobile cybersecurity since it maintains a high level of accuracy while increasing detection effi- ciency by lowering computational overhead.