Android malware detection using a novel binary Firefly Bat feature selection algorithm

With more than two billion devices in use worldwide, Android devices have become favorite targets for cybercriminals. Kaspersky recently stated that mobile malwares mainly came from Android devices. Therefore, developing effective methods for detecting android malwares turn out to be an urgent need. Intelligent methods such as Data Mining and Machine Learning proved their merits in developing malware detection models and tools in different cybersecurity domains. However, as an established fact, Data Mining and Machine Learning models significantly affected by the quality of the training dataset. The number of features in the dataset plays an important role in developing intelligent models that balance discriminative power and low computational costs during both the training phase and the implementation (prediction) phase. In this research, we introduce a novel hybrid metaheuristic feature selection algorithm that leverages the exploration capacity of the Firefly Algorithm and the extrapolation capability of the Binary Bat Algorithm. Such an algorithm is called Binary Firefly Bat Algorithm (BFBA). In order to assess the performance of BFBA, a dataset containing an equal number of malware and benign Android applications is collected from different dependable sources. An initial feature set of 6292 attributes derived from API calls, opcodes, permissions, intents, and system commands was produced through static reverse engineering and analysis. Preliminary feature engineering using discrimination scoring and variance-threshold filtering reduced the feature space to 545 attributes while preserving discriminative information. Later, Random Forest and Support Vector Machine classifiers were trained using selected feature subsets produced by BFBA. Experimental results show that models created using BFBA-selected feature outperformed the models created using the feature subsets produced by several well-known metaheuristics like the Flower Pollination Algorithm, Grasshopper Optimization Algorithm, and Ant Colony Optimization. Such results confirm that exploration and exploitation were traded at an optimal trade-off in BFBA. Overall, experiments confirmed that BFBA positively participated in developing robust and efficient Android malware detection systems.