Enhanced Image Feature Selection Techniques for Visualization and Classification of Android Malware
摘要
Malware classification is a critical aspect of cybersecurity, requiring precise methods to distinguish between benign and malicious software. While knowing a device is infected is typically sufficient to initiate malware removal, understanding the specific malware families provides valuable insights for alerting, decision-making, and mitigation processes. One factor contributing to the proliferation of Android malware is the nature of the open source operating system, coupled with limited security oversight of its app store, Google play store. This study proposes a new approach that leverages visual-based features extracted from Grayscale images of malware. We use different machine learning models like Support Vector Machines (SVM), Convolutional Neural Networks (CNNs), k-Nearest Neighbor(kNN), Naive Bayes (NB), Decision Trees (DT), Random Forest, XGBoost, Gradient Boosting, AdaBoost, and CatBoost, along with semi-supervised clustering techniques such as K-Means and Agglomerative Clustering to classify malware. Our method involves rigorous hyperparameter tuning and comprehensive evaluation on the key metrics, which include accuracy, precision, recall, F1 score, and ROC–AUC. The CNN model achieves an accuracy of 98.25%, demonstrating its capability to capture complex visual patterns. Among traditional models, Random Forest performs best with an accuracy of 98.11%. Semi-supervised approaches further enhance classification accuracy through clustering, achieving a 97% accuracy. This study combines advanced machine learning models along with visual-based malware features for robust classification.