Intelligent Hybrid Android Malware Detection through Static, Dynamic, and Machine Learning Analysis
Keywords:
Android Malware Detection, Hybrid Analysis, Static Analysis, Dynamic Analysis, Machine Learning, Deep Learning, Cybersecurity
Abstract
The rapid expansion of the Android ecosystem, combined
with its open-source architecture and fragmented security
controls, has significantly increased exposure to
sophisticated mobile malware threats. Conventional
detection approaches relying solely on static or dynamic
analysis often fail to provide comprehensive protection due
to limitations such as vulnerability to code obfuscation, high
computational overhead, and reduced effectiveness against
zero-day attacks. This study proposes an intelligent hybrid
Android malware detection framework that integrates
static code analysis, dynamic behavioral monitoring, and
machine learning techniques to improve detection accuracy
and robustness. Static features—including permissions, API
calls, and opcode sequences—are combined with dynamic
features such as system calls, network activity, and memory
usage to form a unified feature representation. Multiple
classification models, including Support Vector Machines,
Random Forests, XGBoost, Convolutional Neural Networks,
and Long Short-Term Memory networks, are employed to
evaluate detection performance. The hybrid feature fusion
strategy aims to leverage complementary analytical
strengths while minimizing false positives and negatives.
Experimental evaluation using benchmark datasets such as
Drebin, AndroZoo, and CICMalDroid demonstrates the
effectiveness of the proposed approach in enhancing
classification reliability while addressing computational
trade-offs. The findings highlight the potential of hybrid
intelligent systems to provide scalable and resilient
defenses against evolving Android malware, offering
valuable insights for future secure mobile application
ecosystems.
