ENHANCING ANDROID MALWARE DETECTION THROUGH HYBRID FEATURE FUSION, DEEP LEARNING, AND EXPLAINABLE AI (XAI)

Abstract

The rapid proliferation of Android applications has led to a significant rise in sophisticated malware, posing serious security challenges. Traditional detection techniques, primarily based on static or dynamic analysis alone, often fail to effectively identify complex and obfuscated threats. This paper proposes a hybrid Android malware detection framework that integrates static and dynamic analysis to improve detection accuracy and reliability. In the static analysis phase, Android application packages (APK files) are decompiled using APKTool to extract features such as permissions, API calls, intents, activities, opcode sequences, and control flow graphs (CFGs). These features enable the identification of suspicious patterns without executing the application. In the dynamic analysis phase, applications are executed in a controlled Android emulator environment, where runtime behaviors are monitored using tools such as Frida, strace, and Monkey testing. This facilitates the capture of real-time behaviors including system calls, API interactions, and network activities. The extracted features from both phases are fused into a unified feature set and utilized for malware classification using deep learning techniques. Furthermore, Explainable Artificial Intelligence (XAI) methods are incorporated to enhance transparency and interpretability of the model’s decisions. A Flask-based web application is developed to provide an interactive interface for uploading APK files and visualizing analysis results. Experimental evaluation demonstrates that the proposed hybrid approach significantly improves detection performance and effectively identifies advanced malware.