Classification of Hybrid Malware on Android: The Significance of Feature Importance in Decision Tree Analysis

Authors

DOI:

https://doi.org/10.30526/39.2.4293

Keywords:

Machine Learning, Classification, Android Malware, Decision Tree

Abstract

 

Malicious applications provide a growing and significant threat to Android users, developers, and application platforms. Experts have endeavored to create novel detection methodologies due to the ongoing advancement in the sophistication of malware and the escalating intensity of its damaging assaults. Within the framework of these initiatives, the detection of malware encounters a significant impediment due to the lack of clean and balanced datasets. This research seeks to develop a model proficient in identifying and categorizing various forms of hybrid malware on the Android platform, utilizing the Decision Tree (DT) model as the primary analytical instrument. The purpose of study is employing Machine Learning (ML) techniques for the categorization of network traffic related to malware programs. It presents ML approaches utilizing DT, K-Nearest Neighbors (K-NN), Naive Bayes (NB), and Logistic Regression (LR) for predicting network virus traffic. It conducts experiments on the CICAndMal2017 dataset. The technique comprises many essential stages, such as data processing, which includes the raw data that is refined through cleansing and transformation from text format to numerical format. To address the problem of class imbalance among application categories, the oversampling approach was employed to ensure equal representation of all malware types in the dataset, followed by feature engineering. The features were assessed via the Random Forest (RF) model to determine the permissions and behaviors that most significantly impact application classification. This facilitated comprehension of the principal variables behind harmful acts. The findings indicated that the DT model was proficient in prediction and showed superior performance relative to other models. The last classification reports confirmed that the model achieved a good balance between precision and recall in the classification of both secure applications and various malware types. The model's performance was measured by its accuracy, F1-score, recall, and precision; it achieved a score of 99.99% in all measures utilized

Author Biography

  • Nabaa Kareem Mhalhal, Directorate of Education, Miysan Governorate, Miysan, Iraq

    .

References

1. Smmarwar SK, Gupta GP, Kumar S. Android malware detection and identification frameworks by leveraging the machine and deep learning techniques: A comprehensive review. Telemat. Inform. Rep. 2024;14:100130. https://doi.org/10.1016/j.teler.2024.100130 .

2. Pathak A, Barman U, Shanta T. Machine learning approach to detect android malware using feature-selection based on feature importance score. J. Eng. Res. 2025;13(2):712–20. https://doi.org/10.1016/j.jer.2024.04.008 .

3. Fallah S, Bidgoly AJ. Benchmarking Machine Learning Algorithms for android malware detection. Jordanian. J. Comput. Inf. Technol. 2019;05(03):216–30.

4. Mbunge E, Muchemwa B, Batani J, Mbuyisa N. A review of deep learning models to detect malware in Android applications. Cyber secur. Appl. 2023;1:100014. https://doi.org/10.1016/j.csa.2023.100014 .

5. Smmarwar SK, Gupta GP, Kumar S. Android malware detection and identification frameworks by leveraging the machine and deep learning techniques: A comprehensive review. Telemat. Inform. Rep. 2024;14:100130. https://doi.org/10.1016/j.teler.2024.100130 .

6. Aamir M, Iqbal MW, Nosheen M, Ashraf MU, Shaf A, Almarhabi KA, et al. AMDDLmodel: Android smartphones malware detection using deep learning model. PLoS One. 2024;19:1–16. http://dx.doi.org/10.1371/journal.pone.0296722 .

7. Mhalhal NK, Behadil, SF. Mobility Prediction Based on Deep Learning Approach Using GPS Phone Data. Ibn Al-Haitham. J. Pure. Appl. Sci. 2024;37(4):423–38, https://doi.org/10.30526/37.4.3916 .

8. Habeeb MA, Khaleel YL. Enhanced Android Malware Detection through Artificial Neural Networks Technique. Mesopotamian. J. Cybersecur. 2025;5(1):62–77. https://doi.org/10.58496/MJCS/2025/005.

9. Alhogail A, Alharbi RA. Effective ML-Based Android Malware Detection and Categorization. Electron. 2025;14(8), https://doi.org/10.3390/electronics14081486 .

10. Ali SF, Abdulrazzaq MR, Gaata MT. Learning Techniques-Based Malware Detection: A Comprehensive Review. Mesopotamian. J. Cybersecur. 2025;5(1):273–300, https://doi.org/10.58496/MJCS/2025/018 .

11. Shatnawi AS, Jaradat A, Yaseen TB, Taqieddin E, Al-Ayyoub M, Mustafa D. An Android Malware Detection Leveraging Machine Learning. Wirel. Commun. Mob. Comput. 2022;2022, https://doi.org/10.1155/2022/1830201 .

12. Gracea M, Sughasiny M. Malware detection for Android application using Aquila optimizer and Hybrid LSTM-SVM classifier. EAI Endorsed. Trans. Scalable. Inf. Syst. 2023;10(1):1–11, https://doi.org/10.1007/978-3-319-59162-9_20 .

13. Islam R, Islam M, Saha S, Jamal M, Masud A. Internet of Things and Cyber-Physical Systems Android malware classification using optimum feature selection and ensemble machine learning. IoT. CPS. 2023;3:100–11. https://doi.org/10.1016/j.iotcps.2023.03.001 .

14. Mbunge E, Muchemwa B, Batani J, Mbuyisa N. A review of deep learning models to detect malware in Android applications. Cybersecur. Appl. 2023;1:100014. https://doi.org/10.1016/j.csa.2023.100014 .

15. Minh MV, Xuan C Do. A Novel Approach for Android Malware Detection Based on Intelligent Computing. Comput. Mater. Contin. 2024;81(3):4371–96. https://www.techscience.com/cmc/v81n3/59055 .

16. Mohanraj A, Sivasankari K. Android traffic malware analysis and detection using ensemble classifier. Ain. Shams. Eng. J. 2024 Dec;15(12):103134. https://doi.org/10.1016/j.asej.2024.103134 .

17. Shakya S, Dave M. Analysis, Detection, and Classification of Android Malware using System Calls. 2022; https://arxiv.org/abs/2208.06130 .

18. Ksibi A, Zakariah M, Almuqren L, Alluhaidan AS. Deep Convolution Neural Networks for Image-Based Android Malware Classification. Comput. Mater. Contin. 2025;82(3):4093–116, https://doi.org/10.32604/cmc.2025.059615 .

19. Gómez A, Muñoz A. Deep Learning-Based Attack Detection and Classification in Android Devices. Electron. 2023;12(15), https://doi.org/10.3390/electronics12153253 .

20. Abuthawabeh MKA, Mahmoud KW. Android malware detection and categorization based on conversation-level network traffic features. Proc - 2019 Int. Arab. Conf. Inf. Technol. ACIT 2019. 2019:42–7, https://doi.org/10.1109/ACIT47987.2019.8991114 .

21. Giannakas F, Kouliaridis V, Kambourakis G. A Closer Look at Machine Learning Effectiveness in Android Malware Detection. Inf. 2023;14(1), https://doi.org/10.3390/info14010002.

22. Jo J,Cho J, Moon J. A Malware Detection and Extraction Method for the Related Information Using the ViT Attention Mechanism on Android Operating System. Appl. Sci. 2023;13(11), https://doi.org/10.3390/app13116839.

23. Atacak İ,Kılıç K, Doğru İA. Android malware detection using hybrid ANFIS architecture with low computational cost convolutional layers. Peer. J. Comput. Sci. 2022;8.

24. Aboshady D, Ghannam N, Elsayed E, Diab L. The Malware Detection Approach in the Design of Mobile Applications. Symmetry (Basel). 2022;14(5):839. https://www.mdpi.com/2073-8994/14/5/839.

25. Alkahtani H, Aldhyani THH. Artificial Intelligence Algorithms for Malware Detection in Android‐Operated Mobile Devices. Sensors. 2022;22(6):1–26, https://doi.org/10.3390/s22062268.

26. Kavalcı Yılmaz E, Bakır R. Advanced Android Malware Detection: Merging Deep Learning and XGBoost Techniques. Bilişim. Teknol. Derg. 2025;18(1):45–61, https://doi.org/10.17671/gazibtd.1553548 .

27. Odat E, Yaseen QM. A Novel Machine Learning Approach for Android Malware Detection Based on the Co-Existence of Features. IEEE Access. 2023;11:15471–84, https://doi.org/10.1109/ACCESS.2023.3244656 .

28. Alabrah AA. Novel Neural Network Architecture Using Automated Correlated Feature Layer to Detect Android Malware Applications. Mathematics. 2023;11(20):1–14, https://doi.org/10.3390/math11204242 .

29. Vasani V, Bairwa AK, Joshi S, Pljonkin A, Kaur M, Amoon M. Comprehensive Analysis of Advanced Techniques and Vital Tools for Detecting Malware Intrusion. Electron. 2023;12(20):1–30, https://doi.org/10.3390/electronics12204299 .

30. Sudesh K, Shersingh , Siddhant , Karan V. Malware Classification Using Machine Learning Models. Procedia. Comput. Sci. 2024;235:1419–28. https://doi.org/10.1016/j.procs.2024.04.133 .

31. Elayan ON, Mustafa AM. Android malware detection using deep learning. Procedia Comput Sci. 2021;184(2019):847–52. https://doi.org/10.1016/j.procs.2021.03.106

Downloads

Published

20-Apr-2026

Issue

Vol. 39 No. 2 (2026)

Section

Computer

License

Copyright (c) 2026 Ibn AL-Haitham Journal For Pure and Applied Sciences

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

licenseTerms

How to Cite

[1]
Mhalhal, N.K. 2026. Classification of Hybrid Malware on Android: The Significance of Feature Importance in Decision Tree Analysis. Ibn AL-Haitham Journal For Pure and Applied Sciences. 39, 2 (Apr. 2026), 287–298. DOI:https://doi.org/10.30526/39.2.4293.
Crossref
Scopus
Google Scholar
Europe PMC