ABSTRACT The primary cybersecurity threat addressed in this work arises from Android malware that bypasses conventional fingerprint‐based defenses by exploiting permission misuse, intent filters, and code obfuscation techniques. To address this challenge, this paper proposes an interpretable and rational malware detection framework based on ensemble learning. Five machine learning classifiers—Logistic Regression, Random Forest, Gradient Boosting, XGBoost, and Neural Networks—were evaluated using three Android malware datasets, namely CHIMERA, Mendeley, and NaticusDroid. The proposed methodology employs a strict preprocessing pipeline, a hybrid interactive feature selection and elimination strategy, five‐fold cross‐validation, and hyperparameter optimization. Experimental results show that ensemble models, particularly XGBoost and Random Forest, achieve predictive accuracies exceeding 97% even on limited or noisy datasets such as Mendeley and NaticusDroid. Interpretability analysis using SHAP reveals that critical Android permissions, including READPHONESTATE, SENDSMS, and RECEIVEBOOTCOMPLETED, strongly influence model decisions and are closely associated with real‐world malicious behaviors such as data exfiltration and persistence. Duplicate sample filtering improves computational efficiency and slightly mitigates overfitting, while adversarial evaluation provides insights into model robustness against evasion attacks. Overall, the findings demonstrate that ensemble learning combined with explainable AI yields malware detection models that are both highly accurate and transparent, providing a practical foundation for interpretable and adversarially resilient Android malware detection. Future work will focus on real‐world deployment.
Venkatesh et al. (Wed,) studied this question.