Android malware detection using time-aware machine learning approach

In today's rapidly evolving digital landscape, the surge in smartphone usage is paralleled by an increasing wave of cyberthreats, highlighting the limitations of existing signature-based malware detection methods. To address this problem, our research introduces a Time-Aware Machine Learning (TAML) framework specifically designed for Android malware detection. Our framework extracts the best time-correlated features and then it builds time-aware and time-agnostic machine learning (ML) models. The ML models are trained on the KronoDroid dataset, which contains more than 41,000 benign Android apps and more than 36,000 malicious apps developed between 2008 to 2020. Our experimental evaluation revealed that the Last Modification Date 'LastModDate' feature is a critical variable for time-aware classification. Moreover, our empirical analysis reveals that real-device detection outperforms emulator-based detection. Impressively, the time-correlated features boosts the detection performance and achieving an outstanding 99.98% F1 score in a time-agnostic setting. In addition, on each year, our time-aware experiments outperformed the traditional ML detection models. Our time-aware classifier achieved a 91% F1 score on average and a maximum F1 score of 99% of yearly chunk experiments over 12 years. These experimental results affirm the effectiveness of our proposed method in detecting Android malware.