Introduction: This study aims to develop an innovative framework that enhances Android malware detection by integrating static analysis with artificial intelligence (AI) methods. The primary goal is to identify critical features from application packages and use them to achieve high-accuracy classification. Methods: A static analysis framework was employed to extract comprehensive features—such as manifest data, API calls, permissions, and bytecode patterns—from Android application packages. For optimal feature selection, the Analysis of Variance (ANOVA) technique was applied to group 120 distinct features into meaningful categories, yielding robust feature vectors. A machine learning classifier was then trained on the CICMalDroid2020 dataset to evaluate the effectiveness of this approach. Results: The proposed Android malware classifier attained an accuracy of 94.22%, outperforming several recent studies on the same dataset. This demonstrates the advantage of combining an ANOVA-based feature selection strategy with an AI-driven classification model. Discussion: According to experiments, our method is effective for both on-demand (online) malware scanning services, allowing users to upload APK files to a server for quick inspection, and offline batch processing in enterprise malware analysis tasks. The system requires low hardware resources and can run as a background process on dedicated servers, enabling efficient and scalable malware detection across large Android app repositories without impacting resources. While our static analysis approach demonstrates good detection and classification capabilities, it faces limitations when APKs use string encryption, control-flow flattening, or dynamic class loading, which can cause some sophisticated malware to be missed. Conclusion: The findings confirm that an advanced static feature extraction method, coupled with a suitable AI classifier, can significantly enhance Android malware detection. By systematically grouping features using ANOVA and focusing on the most discriminative characteristics, the proposed framework achieves both high accuracy and practical applicability in real-world malware analysis scenarios.
Huynh et al. (Wed,) studied this question.