Sales statistics for mobile devices show that Android holds the highest market share among current mobile operating systems, which gives attackers more incentive to create Android malware applications. In recent years, machine learning techniques have been widely suggested in the state of the art as a practical solution for Android malware detection systems. Looking into these machine learning detection approaches, we found sufficient evidence that, although feature selection methods have been widely used in machine learning platforms in other fields of study, they have rarely been applied to Android malware detection systems. This motivates further investigation of these techniques in Android malware detection systems.
To increase our understanding of the research area, this thesis employs an exploratory approach and develops an Android malware detection framework based on a multi-objective feature selection technique, namely NSGAII. As part of the research, a modification technique is applied to this method with the objective of improving the efficiency of the proposed method.
In the first two experiments, we attempted to determine the effectiveness of the proposed multi-objective feature selection approach compared to single-objective techniques in Android malware detection systems. To this end, the NSGAII method, as a multi-objective technique, is applied to two datasets for feature selection purposes. The experimental results show that the proposed multi-objective technique achieves better efficiency than four other single-objective feature selection approaches in both experiments. Moreover, the proposed Android malware detection framework is compared to the state of the art, and the results are promising in comparison with similar research conducted on the same application collections.
Furthermore, as part of the framework development process, we searched for possible ways to improve the efficiency of the standard multi-objective techniques. Consequently, we proposed a two-step modification technique for the standard multi-objective genetic method, namely NSGAII. The most important purpose of this modification is to address the presence of redundant solutions in the standard NSGAII approach. In experiments 3 and 4, we evaluate the effectiveness of each step involved in the modification process using two different datasets. The experimental results show that the combination of both steps yields improvements in terms of accuracy and false-positive rate.