Elevating Mobile Security: An Ensemble Approach for Enhanced Malware Detection with M-iForest

Abstract

The rapid advancement of technologies and the widespread use of smartphones have given rise to new malware threats. However, the sophisticated techniques adopted by malware creators have significantly diminished the effectiveness of traditional security measures, including signature-based detection and antivirus tools solutions ineffective. To address this issue, current malware detection methods rely on extracting malware features and analyzing them using static, dynamic, or hybrid techniques. In this paper, an innovative fusion Android malware detection system has been proposed. The fusion system is based on two parallel subsystems working together. The first subsystem is trained on benign-labeled applications, while the other one focuses on malware-labeled applications. Each subsystem leverages an ensemble approach, combining one class support vector machine (OC-SVM), local outlier factor (LOF), and a modified isolation forest (M-iForest) classifier. The evaluation has been done using two benchmark Android malware datasets, which are DREBIN and CICAndMal2017. The proposed system achieves an accuracy rate of 97.05% and an F-score of 95.87% for the DREBIN dataset. Similarly, for the CICAndMal2017 dataset, it attains an accuracy rate of 99.01% and an impressive F-score of 96.58%. The proposed approach outperforms several existing methods that use the same dataset in terms of accuracy, F-score, and false-positive rate (FPR).