Hybrid Random Forest and XGBoost Approach for Android Malware Detection

Android malware continues to pose a serious threat to mobile security, frequently evading traditional signature-based detection techniques and compromising sensitive user data. While signature-based approaches are effective against known malware, they struggle to identify obfuscated and evolving threats. To address these limitations, this paper proposes a hybrid machine-learning framework for Android malware detection that integrates Random Forest and XGBoost classifiers. The model relies on static features, specifically API calls and application permissions, which are highly indicative of malicious behaviour. Experiments are conducted using the CIC-AndMal2017 dataset, consisting of labelled benign and malicious Android applications. A systematic feature-selection process is applied to retain the most informative API and permission features. Dimensionality reduction using t-Distributed Stochastic Neighbour Embedding (t-SNE) is employed to improve computational efficiency while preserving meaningful patterns in the data. Experimental results demonstrate that the proposed hybrid model achieves an accuracy of 91.20%, outperforming individual classifiers. The findings highlight the effectiveness of ensemble learning, optimised feature selection, and dimensionality reduction in building scalable and accurate Android malware detection systems.