Citation: Alazzam, H.; Al-Adwan, A.;
Abualghanam, O.; Alhenawi, E.;
Alsmady, A. An Improved Binary
Owl Feature Selection in the Context
of Android Malware Detection.
Computers 2022, 11, 173. https://
doi.org/10.3390/computers11120173
Academic Editors: Phivos Mylonas,
Katia Lida Kermanidis and Manolis
Maragoudakis
Received: 7 October 2022
Accepted: 22 November 2022
Published: 30 November 2022
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
Copyright: © 2022 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
Article
An Improved Binary Owl Feature Selection in the Context of
Android Malware Detection
Hadeel Alazzam
1,
* , Aryaf Al-Adwan
2,
*, Orieb Abualghanam
3,
* , Esra’a Alhenawi
4
and Abdulsalam Alsmady
5
1
Department of Intelligent Systems, Al-Balqa Applied University, Al-Salt 19117, Jordan
2
Department of Autonomous Systems, Al-Balqa Applied University, Al-Salt 19117, Jordan
3
Department of Computer Science, University of Jordan, Amman 11942, Jordan
4
Department of Software Engineering, Al-Ahliyya Amman University, Amman 19328, Jordan
5
Department of Computer Engineering, Jordan University of Science and Technology, Irbid 22110, Jordan
* Correspondence: hadeel.alazzam@bau.edu.jo (H.A.); aryaf_aladwan@bau.edu.jo (A.A.-A.);
o.abualganam@ju.edu.jo (O.A.)
Abstract:
Recently, the proliferation of smartphones, tablets, and smartwatches has raised security
concerns from researchers. Android-based mobile devices are considered a dominant operating
system. The open-source nature of this platform makes it a good target for malware attacks that
result in both data exfiltration and property loss. To handle the security issues of mobile malware
attacks, researchers proposed novel algorithms and detection approaches. However, there is no
standard dataset used by researchers to make a fair evaluation. Most of the research datasets were
collected from the Play Store or collected randomly from public datasets such as the DREBIN dataset.
In this paper, a wrapper-based approach for Android malware detection has been proposed. The
proposed wrapper consists of a newly modified binary Owl optimizer and a random forest classifier.
The proposed approach was evaluated using standard data splits given by the DREBIN dataset in
terms of accuracy, precision, recall, false-positive rate, and F1-score. The proposed approach reaches
98.84% and 86.34% for accuracy and F-score, respectively. Furthermore, it outperforms several related
approaches from the literature in terms of accuracy, precision, and recall.
Keywords: Android malware detection; binary owl optimizer; DREBIN dataset
1. Introduction
Malware is the abbreviation of “Malicious Software”, and refers to unwanted types
of software regardless of its type, intent, or distribution method (e.g., virus, Trojan horse,
worms, spyware, etc.) [
1
]. The Malware infects systems with the intent to gain access to
sensitive information. Malware detection is the process of detecting malware on a host
device, or the process of determining whether a program is malicious or benign. Malware
continues to be a problematic security issue, especially in the software and cyber-security
fields. Until the advent of smartphones, malware was only significantly found in computers.
However, recent technological advancements have seen malware become conspicuous in
smartphones and mobile devices that run on the Android platform. The fact that Android
is the most popular and widely used platform for smartphones and mobile devices renders
it an ideal target for malware attacks. Nonetheless, there have been significant efforts
from the corresponding stakeholders aimed at establishing concrete measures for detecting
malware in Android platforms.
Notably, the fact that the majority of applications utilized in an Android platform can
be accessed from a common source provides leeway for publishers of malware content.
As such, there is always the likelihood that a user with malicious intent can publish an
application that is intended to act as malware. In the majority of cases, a potential malware
application usually mimics a typical app though it is designed to achieve root control
Computers 2022, 11, 173. https://doi.org/10.3390/computers11120173 https://www.mdpi.com/journal/computers
