PHIGrader: Evaluating the effectiveness of Manifest file components in Android malware detection using Multi Criteria Decision Making techniques
Journal of Network and Computer Applications (IF 7.7), Pub Date: 2024-09-06, DOI: 10.1016/j.jnca.2024.104021
Yash Sharma, Anshul Arora

The popularity of the Android operating system has itself become a reason for privacy concerns. To deal with such malware threats, researchers have proposed various detection approaches using static and dynamic features. Static analysis approaches are the most convenient for practical detection. However, several patterns of feature usage were found to be similar in the normal and malware datasets. Such high similarity in both datasets’ feature patterns motivates us to rank and select only the distinguishing set of features. Hence, in this study, we present a novel Android malware detection system, termed as PHIGrader for ranking and evaluating the efficiency of the three most commonly used static features, namely permissions, intents, and hardware components, when used for Android malware detection. To meet our goals, we individually rank the three feature types using frequency-based Multi-Criteria Decision Making (MCDM) techniques, namely TOPSIS and EDAS. Then, the system applies a novel detection algorithm to the rankings involving machine learning and deep learning classifiers to present the best set of features and feature type with higher detection accuracy as an output. The experimental results highlight that our proposed approach can effectively detect Android malware with 99.10% detection accuracy, achieved with the top 46 intents when ranked using TOPSIS, which is better than permissions, hardware components, or even the case where other popular MCDM techniques are used. Furthermore, our experiments demonstrate that the proposed system with frequency-based MCDM rankings is better than other statistical tests such as mutual information, Pearson correlation coefficient, and t-test. 
In addition, our proposed model outperforms various popularly used feature ranking methods such as Chi-square, Principal Component Analysis (PCA), Entropy-based Category Coverage Difference (ECCD), and other state-of-the-art Android malware detection techniques in terms of detection accuracy.

Updated: 2024-09-06