ORCID
Abdullah Allawi Al-Sraratee: https://orcid.org/0009-0000-6565-5612
Ahmed Habeeb Al-Azawei: https://orcid.org/0000-0002-4121-2531
Article Type
Original Study
Abstract
Because Android malware harms internet security, prior research has proposed several approaches to detect it accurately. However, such models depend on a large number of features to attain high accuracy, which can lead to high computation cost and potential overfitting. Furthermore, manual data labeling is labor-intensive, requiring significant human effort and skill. This research aims to: 1) extend previous literature on Android malware detection, 2) improve the accuracy of Android malware detection based on a low number of features, and 3) modify a clustering technique to group data into two different clusters to address the issue of unlabeled data. To achieve these aims, this research implements feature reduction and selection techniques, namely Mutual Information and Principal Component Analysis (PCA). This can decrease feature dimensionality while maintaining high classification accuracy. Random Forest and Multilayer Perceptron are applied to the CCCS-CIC-AndMal-2020 dataset to detect Android malware using static features only. Separately, on the Drebin dataset, the labels are removed and the malware samples are separated using a modified K-Means++ clustering algorithm. This is performed to propose a model that can avoid manual labeling in the case of unlabeled data. The findings suggest that the Multilayer Perceptron algorithm outperforms Random Forest with a detection accuracy of 99%, using a low number of features. This method reduces computing cost, maintains excellent classification accuracy, and enables an effective Android malware detection framework. Regarding the modified clustering algorithm, the results show that two clusters are better than other possible numbers of categories. To identify the clusters’ type, an approach is suggested in which the overall outcomes support the proposed clustering approach.
Keywords
Android malware, Static analysis, Machine learning, Binary classification, Malware clustering
How to Cite This Article
Al-Sraratee, Abdullah Allawi and Al-Azawei, Ahmed Habeeb (2025) "Detecting Android Malware Based on Static Analysis using Classification and Modified Clustering Techniques," Journal of Intelligent Informatics, Networking, and Cybersecurity: Vol. 1: Iss. 1, Article 4.
Available at: https://jiinc.uobabylon.edu.iq/journal/vol1/iss1/4
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.