Published January 30, 2025 | Version v1
Journal Open

A HYBRID STATIC AND DYNAMIC ANALYSIS APPROACH FOR ZERO-DAY MALWARE DETECTION IN ANDROID APPS

Description

Security issues, such as the rise of zero-day malware that can bypass conventional detection methods, have become more pressing as the Android ecosystem has grown rapidly. This paper presents a machine-learning framework for detecting both known malware and previously unseen (zero-day) malware in Android applications. A dataset of 1,500 apps, comprising benign apps, known malware and simulated zero-day malware, was analysed with a hybrid feature set: static properties extracted from the package, such as permission usage and suspicious API calls, and dynamic behavioural indicators collected at run time, such as system-call bursts, CPU spike ratios, network requests and file-system modifications. Four ML models, Logistic Regression, Support Vector Machines, Random Forest and Gradient Boosting, were trained and tested on how well they separate benign from malicious apps. Gradient Boosting performed best, reaching an AUC of 0.98 and an accuracy of 96.8%, and was also the most effective at identifying the zero-day samples. Because those samples were simulated rather than collected in the wild, the zero-day figures describe robustness to the simulated variants rather than to arbitrary unseen families. The results indicate that combining hybrid static/dynamic analysis with ensemble learning is needed to improve Android security.
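The abstract names the two halves of the hybrid feature set and the two metrics used to compare models, but not how the raw artifacts become a feature vector or how AUC is computed. The following is an added illustration, not the paper's code or data: it turns constructed manifest permissions, API-call lists, sandbox syscall traces and CPU samples into a six-dimensional vector, trains a plain logistic regression (a stand-in for the paper's four models so no ML library is needed) and reports accuracy and AUC. The indicator sets, the burst and spike thresholds, the scaling divisors and the eight app records are all assumptions made for the example.

```python
"""Hybrid static + dynamic feature extraction for Android app triage, plus a
pure-Python classifier and the accuracy/AUC metrics the paper reports.
Added example: every app record, trace and threshold below is constructed
for illustration; none of it is the paper's data or code."""
import math
from dataclasses import dataclass

# Illustrative static indicator sets (assumed, not the paper's lists).
# Permission names stand for android.permission.<NAME>.
DANGEROUS_PERMS = {"READ_SMS", "SEND_SMS", "READ_CONTACTS", "SYSTEM_ALERT_WINDOW",
                   "RECEIVE_BOOT_COMPLETED", "REQUEST_INSTALL_PACKAGES"}
SUSPICIOUS_APIS = {"dalvik.system.DexClassLoader.<init>", "java.lang.Runtime.exec",
                   "android.telephony.SmsManager.sendTextMessage",
                   "javax.crypto.Cipher.getInstance",
                   "android.content.pm.PackageManager.setComponentEnabledSetting"}

@dataclass
class AppRecord:
    name: str
    label: int          # 1 = malicious, 0 = benign
    permissions: set    # from the manifest (static)
    api_calls: set      # from the bytecode (static)
    syscalls: list      # (t_seconds, name) pairs from a sandbox run (dynamic)
    cpu_samples: list   # CPU utilisation samples in [0, 1] (dynamic)
    net_requests: int   # outbound requests observed in the sandbox (dynamic)
    fs_writes: int      # files created or modified in the sandbox (dynamic)

def syscall_bursts(events, window=1.0, threshold=50):
    """Number of `window`-second buckets holding at least `threshold` syscalls."""
    counts = {}
    for t, _name in events:
        bucket = int(t // window)
        counts[bucket] = counts.get(bucket, 0) + 1
    return sum(1 for c in counts.values() if c >= threshold)

def cpu_spike_ratio(samples, spike=0.8):
    """Fraction of CPU samples strictly above the assumed `spike` level."""
    return sum(1 for s in samples if s > spike) / len(samples) if samples else 0.0

def features(app):
    """Six-dimensional hybrid vector; each component is scaled into [0, 1]
    with assumed caps so no single count dominates the classifier."""
    return [
        len(app.permissions & DANGEROUS_PERMS) / len(DANGEROUS_PERMS),
        len(app.api_calls & SUSPICIOUS_APIS) / len(SUSPICIOUS_APIS),
        min(syscall_bursts(app.syscalls), 10) / 10,
        cpu_spike_ratio(app.cpu_samples),
        min(app.net_requests, 100) / 100,
        min(app.fs_writes, 100) / 100,
    ]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train_logreg(X, y, lr=1.0, epochs=5000):
    """Batch gradient descent for logistic regression."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for xi, yi in zip(X, y):
            err = sigmoid(sum(wj * xj for wj, xj in zip(w, xi)) + b) - yi
            gw = [g + err * xj for g, xj in zip(gw, xi)]
            gb += err
        w = [wj - lr * g / n for wj, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b

def predict_proba(model, x):
    w, b = model
    return sigmoid(sum(wj * xj for wj, xj in zip(w, x)) + b)

def accuracy(scores, y, threshold=0.5):
    return sum((s >= threshold) == bool(yi) for s, yi in zip(scores, y)) / len(y)

def auc(scores, y):
    """ROC AUC: probability that a random malicious app outscores a random benign one."""
    pos = [s for s, yi in zip(scores, y) if yi == 1]
    neg = [s for s, yi in zip(scores, y) if yi == 0]
    wins = sum(1.0 if p > q else 0.5 if p == q else 0.0 for p in pos for q in neg)
    return wins / (len(pos) * len(neg))

def trace(rate, seconds):
    """Constructed syscall trace: `rate` evenly spaced calls per second."""
    return [(i / rate, "read") for i in range(rate * seconds)]

# Constructed corpus: four benign apps and four malicious ones.
APPS = [
    AppRecord("notes", 0, {"INTERNET"}, {"javax.crypto.Cipher.getInstance"},
              trace(10, 3), [0.1, 0.2, 0.15, 0.1], 5, 3),
    AppRecord("sms_client", 0, {"SEND_SMS", "READ_SMS", "READ_CONTACTS"},
              {"android.telephony.SmsManager.sendTextMessage"},
              trace(20, 3), [0.2, 0.3, 0.25, 0.2], 8, 2),
    AppRecord("game", 0, {"INTERNET", "VIBRATE"}, set(),
              trace(15, 3), [0.5, 0.6, 0.7, 0.55], 12, 6),
    AppRecord("camera", 0, {"CAMERA", "WRITE_EXTERNAL_STORAGE"}, set(),
              trace(25, 3), [0.3, 0.85, 0.4, 0.35], 2, 20),
    AppRecord("dropper", 1, {"INTERNET", "REQUEST_INSTALL_PACKAGES",
                             "RECEIVE_BOOT_COMPLETED", "SYSTEM_ALERT_WINDOW"},
              {"dalvik.system.DexClassLoader.<init>", "java.lang.Runtime.exec",
               "javax.crypto.Cipher.getInstance"},
              trace(100, 3), [0.9, 0.95, 0.85, 0.9], 60, 45),
    AppRecord("sms_fraud", 1, {"SEND_SMS", "READ_SMS", "RECEIVE_BOOT_COMPLETED", "READ_CONTACTS"},
              {"android.telephony.SmsManager.sendTextMessage",
               "android.content.pm.PackageManager.setComponentEnabledSetting"},
              trace(80, 3), [0.7, 0.9, 0.85, 0.6], 40, 10),
    AppRecord("spyware", 1, {"READ_CONTACTS", "READ_SMS", "SYSTEM_ALERT_WINDOW"},
              {"javax.crypto.Cipher.getInstance", "java.lang.Runtime.exec"},
              trace(60, 3), [0.85, 0.9, 0.8, 0.9], 70, 30),
    AppRecord("miner", 1, {"INTERNET", "RECEIVE_BOOT_COMPLETED"},
              {"java.lang.Runtime.exec", "dalvik.system.DexClassLoader.<init>"},
              trace(120, 3), [0.99, 0.98, 0.97, 0.99], 30, 15),
]

def evaluate(apps=APPS):
    """Train on the corpus and score it; returns (accuracy, auc). With eight
    constructed apps there is no held-out split, unlike the paper's 1,500."""
    X, y = [features(a) for a in apps], [a.label for a in apps]
    model = train_logreg(X, y)
    scores = [predict_proba(model, x) for x in X]
    return accuracy(scores, y), auc(scores, y)

if __name__ == "__main__":
    for a in APPS:
        print(f"{a.name:11s} {a.label} {[round(v, 2) for v in features(a)]}")
    print("accuracy=%.3f auc=%.3f" % evaluate())
```

The dynamic columns (bursts, CPU spikes, network and file-system activity) are what keep the `sms_client` app, which legitimately holds SMS permissions and calls `sendTextMessage`, on the benign side: on static features alone it looks like the `sms_fraud` sample. A real evaluation needs a held-out test set and, for the zero-day question, a family-level split so that no variant of a held-out family appears in training.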

Files

paper 76 Jan (1).pdf

576.3 kB
md5:6bdb1c66df9ce1b3cae85567e7131382
