Treffer: Reassessing feature-based Android malware detection in a contemporary context.
Nature. 2022 Aug;608(7922):250-251. (PMID: 35883008)
Patterns (N Y). 2023 Aug 04;4(9):100804. (PMID: 37720327)
Patterns (N Y). 2024 Aug 28;5(10):101046. (PMID: 39569205)
Sci Rep. 2024 May 10;14(1):10724. (PMID: 38730228)
Weitere Informationen
We report the findings of a reimplementation of 18 foundational studies in feature-based machine learning for Android malware detection, published during the period 2013-2023. These studies are reevaluated on a level playing field using a contemporary Android environment and a balanced dataset of 124,000 applications. Our findings show that feature-based approaches can still achieve detection accuracies beyond 98%, despite a considerable increase in the size of the underlying Android feature sets. We observe that features derived through dynamic analysis yield only a small benefit over those derived from static analysis, and that simpler models often out-perform more complex models. We also find that API calls and opcodes are the most productive static features within our evaluation context, network traffic is the most predictive dynamic feature, and that ensemble models provide an efficient means of combining models trained on static and dynamic features. Together, these findings suggest that simple, fast machine learning approaches can still be an effective basis for malware detection, despite the increasing focus on slower, more expensive machine learning models in the literature.
(Copyright: © 2026 Muzaffar et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.)
The authors have declared that no competing interests exist.