Hybroid: A Novel Hybrid Android Malware Detection Framework

Abstract

Android, the most widely-used mobile operating system, attracts the attention of malware developers as well as benign users. Despite the serious proactive actions taken by Android, the Android malware is still widespread as a result of the increasing sophistication and the diversity of malware. Android malware detection systems are generally classified into two: (1) Static analysis, and (2) dynamic analysis. In this study, a novel Android malware detection framework, namely, Hybroid, was proposed which combines both the static and dynamic analysis techniques to benefit from the advantages of both of these techniques. An up-to-date version of Android, namely, Android Oreo, was specifically employed in order to handle the problem from an up-to-date perspective as the recent versions of Android provide new security mechanisms, which are discussed with this study. Hybroid was evaluated on a large dataset that consists of 10,658 applications, and the accuracy of Hybroid was calculated as high as 99.5% when it was utilized with the J48 classification algorithm which outperforms the state-of-the-art studies. The key findings in consequence of the experimental result are discussed in order to shed light on Android malware detection.