Towards a Lightweight Multi-View Android Malware Detection Model with Multi-Objective Feature Selection

Philipe Fransozi; Jhonatan Geremias; Eduardo K. Viegas; Altair O. Santin

doi:10.5753/jbcs.2026.5378

Authors

Philipe Fransozi Pontifical Catholic University of Parana (PUCPR) https://orcid.org/0000-0001-5836-1130
Jhonatan Geremias Pontifical Catholic University of Parana (PUCPR) https://orcid.org/0009-0007-7631-497X
Eduardo K. Viegas Pontifical Catholic University of Parana (PUCPR) https://orcid.org/0000-0002-5050-6363
Altair O. Santin Pontifical Catholic University of Parana (PUCPR) https://orcid.org/0000-0002-2341-2177

DOI:

https://doi.org/10.5753/jbcs.2026.5378

Keywords:

Android Malware, Machine Learning, Multi-view, Multi-objective

Abstract

In recent years, a wide range of new Machine Learning (ML) techniques with high accuracy have been developed for Android malware detection. Despite their high accuracy, these techniques are seldom implemented in production environments due to their limited generalization capabilities, leading to reduced performance when applied to real-world scenarios. In light of this, this paper introduces a novel multi-view Android malware detection model implemented in two stages. The first stage involves extracting multiple feature sets from the analyzed Android application package, offering complementary behavioral representations that improve the system's generalization in the classification process. In the second stage, a multi-objective optimization is conducted to identify the optimal feature subset from each view and fine-tune the hyperparameters of individual classifiers, enabling an ensemble-based classification approach. The core innovation of our approach lies in the proactive selection of feature subsets and the optimization of hyperparameters that together enhance classification accuracy while minimizing processing overhead within a multi-view framework. Experiments conducted on a newly developed dataset, consisting of over 40 thousand Android application samples, validate the effectiveness of our proposal. The results indicate that our model can increase true-positive rates by up to 18% while reducing inference processing costs by as much as 72%.

Downloads

Download data is not yet available.

References

Alani, M. M. and Awad, A. I. (2022). Paired: An explainable lightweight android malware detection system. IEEE Access, 10:73214–73228. DOI: 10.1109/access.2022.3189645.

Alani, M. M., Mashatan, A., and Miri, A. (2023). Xmal: A lightweight memory-based explainable obfuscated-malware detector. Computers & Security, 133:103409. DOI: 10.1016/j.cose.2023.103409.

Allix, K., Bissyandé, T. F., Klein, J., and Traon, Y. L. (2016). Androzoo: Collecting millions of android apps for the research community. 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR), pages 468-471. DOI: 10.1145/2901739.2903508.

Azad, M. A., Riaz, F., Aftab, A., Rizvi, S. K. J., Arshad, J., and Atlam, H. F. (2022). Deepsel: A novel feature selection for early identification of malware in mobile applications. Future Generation Computer Systems, 129:54–63. DOI: 10.1016/j.future.2021.10.029.

Bhat, P., Behal, S., and Dutta, K. (2023). A system call-based android malware detection approach with homogeneous & heterogeneous ensemble machine learning. Computers & Security, 130:103277. DOI: 10.1016/j.cose.2023.103277.

Costa, L. d. and Moia, V. (2023). A lightweight and multi-stage approach for android malware detection using non-invasive machine learning techniques. IEEE Access, 11:73127–73144. DOI: 10.1109/access.2023.3296606.

Cui, Y., Sun, Y., and Lin, Z. (2023). Droidhook: a novel api-hook based android malware dynamic analysis sandbox. Automated Software Engineering, 30(1). DOI: 10.1007/s10515-023-00378-w.

Curry, D. (2024). Android statistics (2024). Available at:[link].

Darwaish, A. and Nait-Abdesselam, F. (2020). Rgb-based android malware detection and classification using convolutional neural network. In IEEE Global Communications Conference. DOI: 10.1109/globecom42002.2020.9348206.

Deb, K., Pratap, A., Agarwal, S., and Meyarivan, T. (2002). A fast and elitist multiobjective genetic algorithm: NSGA-II. IEEE Transactions on Evolutionary Computation, 6(2):182-197. DOI: 10.1109/4235.996017.

Gao, C., Du, Y., Ma, F., Lan, Q., Chen, J., and Wu, J. (2024). A new adversarial malware detection method based on enhanced lightweight neural network. Computers & Security, 147:104078. DOI: 10.1016/j.cose.2024.104078.

Geremias, J., Viegas, E. K., Santin, A. O., Britto, A., and Horchulhack, P. (2022). Towards multi-view android malware detection through image-based deep learning. In 2022 International Wireless Communications and Mobile Computing (IWCMC), page 572–577. IEEE. DOI: 10.1109/iwcmc55113.2022.9824985.

Geremias, J., Viegas, E. K., Santin, A. O., Britto, A., and Horchulhack, P. (2023). Towards a reliable hierarchical android malware detection through image-based cnn. In 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), page 242–247. IEEE. DOI: 10.1109/ccnc51644.2023.10060381.

Guerra-Manzanares, A., Bahsi, H., and Nõmm, S. (2021). Kronodroid: Time-based hybrid-featured dataset for effective android malware detection and characterization. Computers & Security, 110:102399. DOI: 10.1016/j.cose.2021.102399.

Hijazi, N., Aloqaily, M., Ouni, B., Karray, F., and Debbah, M. (2023). Harris hawks feature selection in distributed machine learning for secure iot environments. In ICC 2023 - IEEE International Conference on Communications. IEEE. DOI: 10.1109/icc45041.2023.10279042.

Kaspersky (2024). Attacks on mobile devices significantly increase in 2023. Available at:[link].

Kyadige, A., Rudd, E. M., and Berlin, K. (2020). Learning from context: A multi-view deep learning architecture for malware detection. In 2020 IEEE Security and Privacy Workshops (SPW). IEEE. DOI: 10.1109/spw50608.2020.00018.

Li, C., Lv, Q., Li, N., Wang, Y., Sun, D., and Qiao, Y. (2022). A novel deep framework for dynamic malware detection based on api sequence intrinsic features. Computers & Security, 116:102686. DOI: 10.1016/j.cose.2022.102686.

Ma, R., Yin, S., Feng, X., Zhu, H., and Sheng, V. S. (2024). A lightweight deep learning-based android malware detection framework. Expert Systems with Applications, 255:124633. DOI: 10.1016/j.eswa.2024.124633.

Mahindru, A. and Sangal, A. L. (2020). Mldroid—framework for android malware detection using machine learning techniques. Neural Computing and Applications, 33(10):5183–5240. DOI: 10.1007/s00521-020-05309-4.

Martín, A., Lara-Cabrera, R., and Camacho, D. (2019). Android malware detection through hybrid features fusion and ensemble classifiers: The andropytool framework and the omnidroid dataset. Information Fusion, 52:128–142. DOI: 10.1016/j.inffus.2018.12.006.

Millar, S., McLaughlin, N., Martinez del Rincon, J., and Miller, P. (2021). Multi-view deep learning for zero-day android malware detection. Journal of Information Security and Applications, 58:102718. DOI: 10.1016/j.jisa.2020.102718.

Millar, S., McLaughlin, N., Martinez del Rincon, J., Miller, P., and Zhao, Z. (2020). Dandroid: A multi-view discriminative adversarial network for obfuscated android malware detection. In Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, CODASPY ’20, page 353–364. ACM. DOI: 10.1145/3374664.3375746.

Molina-Coronado, B., Mori, U., Mendiburu, A., and Miguel-Alonso, J. (2023). Towards a fair comparison and realistic evaluation framework of android malware detectors based on static analysis and machine learning. Computers & Security, 124:102996. DOI: 10.1016/j.cose.2022.102996.

Odat, E. and Yaseen, Q. M. (2023). A novel machine learning approach for android malware detection based on the co-existence of features. IEEE Access, 11:15471–15484. DOI: 10.1109/access.2023.3244656.

Pan, Y., Ge, X., Fang, C., and Fan, Y. (2020). A systematic literature review of android malware detection using static analysis. IEEE Access, 8:116363–116379. DOI: 10.1109/access.2020.3002842.

Pektaş, A. and Acarman, T. (2020). Learning to detect android malware via opcode sequences. Neurocomputing, 396:599–608. DOI: 10.1016/j.neucom.2018.09.102.

Qin, Y., Zhang, X., Yu, S., and Feng, G. (2025). A survey on representation learning for multi-view data. Neural Networks, 181:106842. DOI: 10.1016/j.neunet.2024.106842.

Qiu, J., Zhang, J., Luo, W., Pan, L., Nepal, S., and Xiang, Y. (2020). A survey of android malware detection with deep neural models. ACM Computing Surveys, 53(6):1–36. DOI: 10.1145/3417978.

Ravi, V., Alazab, M., Selvaganapathy, S., and Chaganti, R. (2022). A multi-view attention-based deep learning framework for malware detection in smart healthcare systems. Computer Communications, 195:73–81. DOI: 10.1016/j.comcom.2022.08.015.

Ribeiro, M. T., Singh, S., and Guestrin, C. (2016). "why should I trust you?": Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA, August 13-17, 2016, pages 1135-1144. DOI: 10.48550/arXiv.1602.04938.

Seraj, S., Khodambashi, S., Pavlidis, M., and Polatidis, N. (2022). Hamdroid: permission-based harmful android anti-malware detection using neural networks. Neural Computing and Applications, 34(18):15165–15174. DOI: 10.1007/s00521-021-06755-4.

Smith, M. R., Johnson, N. T., Ingram, J. B., Carbajal, A. J., Haus, B. I., Domschot, E., Ramyaa, R., Lamb, C. C., Verzi, S. J., and Kegelmeyer, W. P. (2020). Mind the gap: On bridging the semantic gap between machine learning and malware analysis. In Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security, CCS ’20. ACM. DOI: 10.2172/1831009.

Viegas, E., Santin, A. O., and Abreu Jr, V. (2021). Machine learning intrusion detection in big data era: A multi-objective approach for longer model lifespans. IEEE Transactions on Network Science and Engineering, 8(1):366–376. DOI: 10.1109/tnse.2020.3038618.

Virustotal (2024). Virustotal - analyze suspicious files. Available at:[link].

Wu, Y., Li, M., Zeng, Q., Yang, T., Wang, J., Fang, Z., and Cheng, L. (2023). Droidrl: Feature selection for android malware detection with reinforcement learning. Computers & Security, 128:103126. DOI: 10.1016/j.cose.2023.103126.

Şahin, D. O., Kural, O. E., Akleylek, S., and Kılıç, E. (2021). A novel permission-based android malware detection system using feature selection based on linear regression. Neural Computing and Applications, 35(7):4903–4918. DOI: 10.1007/s00521-021-05875-1.