Final Research PPT

The document presents a comparative analysis of Android malware detection using machine learning models, focusing on the effectiveness of various algorithms such as KNN, Decision Tree, and SVM. It highlights the importance of classifying malware to protect digital environments and discusses the methodology, dataset, and results of the study, concluding that the Decision Tree model outperforms others in accuracy. The findings aim to enhance malware detection systems to safeguard user data and mobile devices from threats.


6th International Conference on Mobile Computing and Sustainable Informatics (ICMCSI 2025)

Title: “A Comparative Analysis for Android Malware Detection Using Machine Learning Models (ICMCSI-123)”

Authors: Harsh Shah, Vidit Shah, Nirmay Soni, Vaishali Vadhavana, Krishna Patel

Devang Patel Institute of Advance Technology and Research, Charotar University of Science and Technology (CHARUSAT), Gujarat, India.
OUTLINES
• Introduction
• Literature Review
• Dataset Description
• Methodology
• Results
• Conclusion
• Future Work
• References
Introduction
• Classifying malware is a procedure that provides added protection to the digital environment. It enables the categorization and identification of malicious software.
• Over a billion distinct types of malware exist, and new variants emerge daily, so effective strategies are being developed to combat malware. In the past, malware was detected using a signature-based technique, which required comparing the suspicious code to a list of known malicious elements. However, there are issues with this approach.
• Zero-day attacks are frequently overlooked, and the approach occasionally raises false alarms. Researchers are increasingly looking to deep learning (DL) and machine learning (ML) for assistance in categorizing malware to address these problems. Several machine learning (ML) algorithms perform well for this task.
• A few examples are Logistic Regression (LR), SVM, and KNN. These algorithms learn from large data sets and keep improving; accuracy values of 95.5% and 96.2% were obtained in research that used KNN and SVM. This allows security professionals to create solutions specific to each type of issue. Early detection of newly discovered malware is crucial to controlling its spread.
Literature Review
| Sr no | Paper Title | Published By | Algorithm Used | Dataset Used | Accuracy |
|---|---|---|---|---|---|
| 1 | Detecting Malware & Classifying It with Machine Learn Dataset Using the UNSW-NB15. | IEEE, 2020 | KNN, Decision Tree, CNN, LR, Random forest, CNN | UNSW-NB15 Dataset | 99.98% |
| 2 | GHGDroid: Global heterogeneous graph-based android malware detection | Elsevier, 2024 | Graph Convolutional Network (GCN) | Real-World Android Application on Markets | 99.17% |
| 3 | Image-based malware detection based on convolution neural network with auto encoder in Industrial Internet of Things using Software Defined Networking Honeypot. | Elsevier, 2024 | (CNN-AE) Convolution neural network | MalImg Dataset | 98.50% |
| 4 | Boosting Malware Detection with Noise Reduction & Color Channel Separation in Visualization Approaches. | Elsevier, 2024 | SVM, Decision Tree, KNN, LR, XGBoost, Extra tree | Color Channels Dataset | 98.64% |
| 5 | GuardDroid: A Friendly & Lightweight Android Malware Detector for IoT Devices. | | Random Forest (RF) Classifier, Shapley Additive Explanation (SHAP) | Drebin, TUANDROMD | 99% |
| 6 | SIM-FED: A Friendly Model for Keeping Your IoT Safe from Malware Using a Light 1D-CNN. | | SIM-FED | IoT-23 Database | 99.52% |
| 7 | EvadeDroid: A Smart Approach to Outwit BlackBox Android Malware Detectors. | | EvadeDroid | DREBIN Feature Set, Training Sets | 86.67% |
| 8 | Making Malware Detection Better: A Combo of Genetic Algorithms & Machine Learning. | | J48, Rep Tree, Naïve Bayes, AdaboostM1 | Malware, Benign | 90% |
| 9 | GMADV: A Friendly Look at Android Malware Detection With RGB Markov Images & GMM-G Training | | Markov | AndroidBotnets, Drebin, CICAndMal2017 | 97.74% |
| 10 | Federated Learning-Based Markov Chains for Malware Detection in Android IoT Devices. | | Federated Learning-Based Markov Chains | Malware | 99% |

Dataset Description
• Tezpur University Android Malware Dataset (TUANDROMD)
• The dataset contains 4,465 samples and 242 features, primarily representing Android permissions and system behaviors.
• Most features are binary, indicating whether a specific permission or behavior is present. The dataset has 242 missing values, with features like ACCESS_ALL_DOWNLOADS, RECEIVE_WAP_PUSH, and RECORD_AUDIO.
• The majority of features have only two unique values (e.g., 0 and 1), signifying the binary nature of the data, which is ideal for classification tasks.
• This structure highlights the dataset's suitability for detecting patterns of malicious activity in Android applications using machine learning models.

| Symbols | Classes |
|---|---|
| G | Goodware |
| M | Malware |

Methodology
• This paper investigates the classification of Android applications into harmful and benign categories using machine learning techniques.
• There are several phases in the procedure. Data collection and preprocessing come first, followed by model selection, training, and performance assessment.
• Several techniques are utilized, including Decision Tree classifiers, SVM, and KNN, examining both static and dynamic characteristics to determine which algorithm is most effective in identifying malware in Android.
Result
• The evaluation of KNN, Decision Tree, and SVM models for malware detection reveals that the Decision Tree model outperforms the others.
• It achieves the highest performance across all evaluated metrics, including a training accuracy of 0.9972, testing accuracy of 0.9910, an F1 score of 0.99, recall of 0.98, and precision of 0.99.
• The SVM model also demonstrates strong results, with an F1 score of 0.9833, testing accuracy of 0.9832, and high precision of 0.9835.
• Enhancing the precision of a model involves improving its ability to correctly identify true positive instances, which reduces false positives.
• However, the SVM model slightly underperforms compared to the Decision Tree model. The KNN model, although practical, exhibits lower metrics than the Decision Tree and SVM models.

| Metrics | KNN | Decision Tree | SVM |
|---|---|---|---|
| Training Accuracy | 0.9726 | 0.9972 | 0.9894 |
| Testing Accuracy | 0.9765 | 0.9910 | 0.9832 |
| F1 Score | 0.98 | 0.99 | 0.9833 |
| Recall | 0.97 | 0.98 | 0.9832 |
| Precision | 0.99 | 0.99 | 0.9835 |

The confusion matrix and ROC curve after the final testing are shown in the figure.
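
The workflow in the Methodology and Result slides (fix missing values, train a classifier on binary permission features, then report accuracy, precision, recall and F1 from the confusion-matrix counts) can be traced end to end on a small scale. The Python code below is an added example, not the authors' code: the samples are constructed rather than taken from TUANDROMD, SEND_SMS and READ_CONTACTS are extra features assumed for illustration, and mode imputation, Hamming distance and k=3 are assumptions the slides do not specify.

```python
from collections import Counter

# Three feature names appear on the slides; SEND_SMS and READ_CONTACTS are
# real Android permissions added here for illustration (assumption).
FEATURES = ["SEND_SMS", "RECEIVE_WAP_PUSH", "RECORD_AUDIO",
            "ACCESS_ALL_DOWNLOADS", "READ_CONTACTS"]

# Constructed samples (not TUANDROMD data). 1/0 = permission requested or not,
# None = missing value; label "M" = malware, "G" = goodware.
TRAIN = [([1, 1, 1, 0, 1], "M"), ([1, 1, 0, 1, 1], "M"),
         ([1, 0, 1, 1, 1], "M"), ([0, 1, 1, 1, None], "M"),
         ([None, 0, 0, 0, 0], "G"), ([0, 0, 1, 0, 0], "G"),
         ([0, None, 0, 1, 0], "G"), ([0, 0, 0, 0, 1], "G")]
TEST = [([1, 1, 1, 1, 1], "M"), ([1, None, 1, 1, 1], "M"),
        ([0, 0, 1, 0, None], "G"), ([1, 0, 1, 1, 0], "G"),
        ([1, 1, 1, 1, 0], "G")]

def column_modes(rows):
    """Most common observed value per column; ties and empty columns give 0."""
    modes = []
    for col in zip(*rows):
        seen = [v for v in col if v is not None]
        modes.append(1 if 2 * sum(seen) > len(seen) else 0)
    return modes

def impute(row, modes):
    """Replace missing entries with the training-set mode for that column."""
    return [m if v is None else v for v, m in zip(row, modes)]

def knn_predict(train, x, k=3):
    """Majority label among the k nearest training rows (Hamming distance)."""
    ranked = sorted(train, key=lambda s: sum(a != b for a, b in zip(s[0], x)))
    return Counter(label for _, label in ranked[:k]).most_common(1)[0][0]

def evaluate(train=TRAIN, test=TEST, k=3):
    """Fit on train, predict test, return metrics with malware as positive."""
    modes = column_modes([row for row, _ in train])  # training data only, no leakage
    fitted = [(impute(row, modes), y) for row, y in train]
    pairs = [(y, knn_predict(fitted, impute(row, modes), k)) for row, y in test]
    tp = sum(t == "M" and p == "M" for t, p in pairs)
    fp = sum(t == "G" and p == "M" for t, p in pairs)
    fn = sum(t == "M" and p == "G" for t, p in pairs)
    tn = len(pairs) - tp - fp - fn
    ratio = lambda n, d: n / d if d else 0.0  # avoid division by zero
    return {"accuracy": ratio(tp + tn, len(pairs)), "precision": ratio(tp, tp + fp),
            "recall": ratio(tp, tp + fn), "f1": ratio(2 * tp, 2 * tp + fp + fn),
            "predictions": [p for _, p in pairs]}

if __name__ == "__main__":
    print(evaluate())
```

On this constructed test set, the goodware sample that requests four of the five permissions is flagged as malware, so precision drops to 2/3 while recall stays at 1.0: the false-positive effect the precision bullet refers to.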

Conclusion and Future Work
• The study used a computer to classify applications as malicious or benign. It is critical to figure out how to identify mobile malware since more and more people use mobile devices. The study integrated two methodologies: static and dynamic analysis.
• This aided in extracting significant characteristics from Android applications. The machine learning models could distinguish between safe and dangerous apps with relative ease by examining the functionality and design of these applications.
• A successful outcome required preprocessing the dataset. To improve the performance of the models, any missing data is fixed, and feature scaling is conducted.
• The overall objective is to safeguard user data and mobile devices from dangerous threats. The study's findings provide a solid basis for creating malware detection systems that are more successful in preventing malicious assaults on user data and mobile devices.
THANK YOU
