Efficient feature ranked hybrid framework for Android IoT malware detection
Nahla Hafez Saeed, Alyaa A. Hamza, Mohamed A. Sobh, Ayman M. Bahaa-Eldin

TL;DR
This paper introduces a hybrid framework for detecting Android IoT malware using feature ranking and a Random Forest classifier, achieving high accuracy and interpretability.
Contribution
A novel dual feature-ranking mechanism combining Information Gain and Gini Index for efficient and accurate Android IoT malware detection.
Findings
The framework achieved accuracy between 99.03% and 100% across four benchmark datasets.
Cross-validation experiments confirmed the model's stability and generalizability.
Interpretability analysis identified key behavioral and static features influencing classification.
Abstract
Android-based IoT devices are still exposed to increasing sophistication in malware; therefore, detecting this malware using lightweight and accurate approaches is very important. This paper presents a hybrid malware detection framework, incorporating static and dynamic analysis with a dual feature-ranking mechanism based on Information Gain and Gini Index, for selecting the most relevant features. The framework uses a Random Forest classifier optimized via systematic hyperparameter tuning and is evaluated on four benchmark datasets: Drebin, CCCS-CIC-AndMal-2020, TUANDROMD, and CIMD-2024. It showed very consistent performance across all four datasets, yielding accuracy in the range of 99.03% to 100% with corresponding F1-scores in the range of 0.98 to 1.00. On the contrary, the highly imbalanced nature of the CIMD-2024 dataset essentially requires imbalance-handling strategies to…
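The dual ranking named in the abstract can be illustrated with a small added example; this is not the authors' code. It scores each binary feature by Information Gain and by Gini impurity decrease, then keeps the top k by mean rank. The mean-rank combination rule, the feature names and the sample rows are assumptions made for illustration, and the Random Forest stage is left out.

```python
import math
from collections import Counter

# Constructed sample (not from the paper's datasets): one row per app,
# binary static/dynamic features, label 1 = malware, 0 = benign.
NAMES = ["SEND_SMS", "READ_CONTACTS", "INTERNET", "dyn_exec_shell", "CAMERA"]
X = [[1, 1, 1, 1, 0], [1, 0, 1, 1, 1], [1, 1, 1, 1, 0], [0, 1, 1, 1, 1],
     [0, 0, 1, 0, 1], [0, 1, 1, 0, 0], [0, 0, 1, 0, 1], [0, 0, 1, 0, 0]]
Y = [1, 1, 1, 1, 0, 0, 0, 0]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())

def impurity_drop(column, labels, impurity):
    """Parent impurity minus size-weighted impurity after splitting on the feature."""
    groups = {}
    for value, label in zip(column, labels):
        groups.setdefault(value, []).append(label)
    weighted = sum(len(g) / len(labels) * impurity(g) for g in groups.values())
    return impurity(labels) - weighted

def score_features(X, y, names):
    """Return {feature: (information_gain, gini_decrease)}."""
    cols = list(zip(*X))
    return {n: (impurity_drop(c, y, entropy), impurity_drop(c, y, gini))
            for n, c in zip(names, cols)}

def ranks(scores, idx):
    """Rank 1 = highest score; ties broken by name so the order is deterministic."""
    order = sorted(scores, key=lambda n: (-scores[n][idx], n))
    return {n: r for r, n in enumerate(order, start=1)}

def dual_rank(X, y, names, k):
    """Assumed combination rule: mean of the two rank positions, keep the top k."""
    scores = score_features(X, y, names)
    ig_rank, gini_rank = ranks(scores, 0), ranks(scores, 1)
    combined = sorted(names, key=lambda n: ((ig_rank[n] + gini_rank[n]) / 2, n))
    return combined[:k]

if __name__ == "__main__":
    for name, (ig, gd) in score_features(X, Y, NAMES).items():
        print(f"{name:15s} IG={ig:.4f}  Gini drop={gd:.4f}")
    print("selected:", dual_rank(X, Y, NAMES, 3))
```

A feature present in every app (INTERNET in the sample) scores zero on both measures and is dropped, which is the practical effect of ranking before training.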
Taxonomy
Topics: Advanced Malware Detection Techniques · Software Testing and Debugging Techniques · Network Security and Intrusion Detection
