{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T16:06:24Z","timestamp":1776873984282,"version":"3.51.2"},"reference-count":51,"publisher":"Wiley","issue":"6","license":[{"start":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T00:00:00Z","timestamp":1759017600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Security and Privacy"],"published-print":{"date-parts":[[2025,11]]},"abstract":"ABSTRACT<\/jats:title>\n Android is a popular target for malware attacks due to its rapid proliferation, which emphasizes the need for efficient and understandable detection methods. A novel ensemble\u2010based framework that combines semantic feature engineering (SFE) and explainable artificial intelligence (XAI) is presented in this paper. It addresses the generalizability and transparency issues with current models. The purpose of combining low\u2010level Android permissions into high\u2010level semantic categories is to improve interpretability and reduce feature dimensionality, making the model easier to understand. Grid search optimization is used to assess a stacked ensemble classifier that consists of k\u2010nearest neighbors (KNN), random forest (RF), gradient boosting (GB), and support vector machine (SVM) models with a logistic regression (LR) as a meta\u2010learner on the TUANDROMD dataset. The model demonstrates strong class separation and generalization with a high test accuracy of 97.54%, with an F1\u2010score of 0.9847 and a ROC\u2010AUC of 0.9929. For explainability, permutation feature importance (PFI), partial dependence plots (PDPs), and a global surrogate decision tree (GSDT) are used. Results show that network and location permissions are the most important features. This study offers a robust and interpretable solution for Android malware detection. Its combination of SFE, ensemble learning (EL), and XAI makes it suitable for real\u2010world cybersecurity applications, especially on mobile devices.<\/jats:p>","DOI":"10.1002\/spy2.70110","type":"journal-article","created":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T04:34:36Z","timestamp":1759120476000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Stacked Ensemble Framework for Android Malware Detection Using Semantic Permission Aggregation and Explainable\n AI<\/scp>"],"prefix":"10.1002","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-2593-449X","authenticated-orcid":false,"given":"Priya","family":"Pudke","sequence":"first","affiliation":[{"name":"Dr. B R Ambedkar National Institute of Technology Jalandhar Jalandhar India"}]},{"given":"Urvashi","family":"Bansal","sequence":"additional","affiliation":[{"name":"Dr. B R Ambedkar National Institute of Technology Jalandhar Jalandhar India"}]}],"member":"311","published-online":{"date-parts":[[2025,9,28]]},"reference":[{"key":"e_1_2_11_2_1","unstructured":"StatCounter Mobile Operating System Market Share India accessed May 19 2025 https:\/\/gs.statcounter.com\/os\u2010market\u2010share\/mobile\/india."},{"key":"e_1_2_11_3_1","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/746930"},{"key":"e_1_2_11_4_1","first-page":"223","volume-title":"Protecting Mobile Networks and Devices","author":"Kadir A. F. A.","year":"2016"},{"key":"e_1_2_11_5_1","first-page":"86435","article-title":"Benchmark Data Repositories for Better Benchmarking","volume":"37","author":"Longjohn R.","year":"2024","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_2_11_6_1","doi-asserted-by":"publisher","DOI":"10.18280\/ijsse.140126"},{"key":"e_1_2_11_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-023-16035-z"},{"key":"e_1_2_11_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/s41870-023-01392-7"},{"key":"e_1_2_11_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.iotcps.2023.03.001"},{"key":"e_1_2_11_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12652\u2010021\u201003376\u20106"},{"key":"e_1_2_11_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSESS47205.2019.9040821"},{"key":"e_1_2_11_12_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-024-60982-y"},{"key":"e_1_2_11_13_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-024-00182-3"},{"key":"e_1_2_11_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-024-10950-4"},{"key":"e_1_2_11_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2025.112908"},{"key":"e_1_2_11_16_1","doi-asserted-by":"publisher","DOI":"10.4018\/JDM.318414"},{"key":"e_1_2_11_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3485593"},{"key":"e_1_2_11_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2024.3477442"},{"key":"e_1_2_11_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102622"},{"key":"e_1_2_11_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-023-03414-5"},{"key":"e_1_2_11_21_1","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0310230"},{"key":"e_1_2_11_22_1","doi-asserted-by":"publisher","DOI":"10.58496\/MJCS\/2025\/008"},{"key":"e_1_2_11_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2023.103691"},{"key":"e_1_2_11_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103676"},{"key":"e_1_2_11_25_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-023-30028-w"},{"key":"e_1_2_11_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103807"},{"key":"e_1_2_11_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-022-00579-6"},{"key":"e_1_2_11_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695008"},{"key":"e_1_2_11_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102696"},{"issue":"1","key":"e_1_2_11_30_1","article-title":"Are Malware Detection Classifiers Adversarially Vulnerable to Actor\u2010Critic Based Evasion Attacks?","volume":"10","author":"Rathore H.","year":"2022","journal-title":"EAI Endorsed Transactions on Scalable Information Systems"},{"key":"e_1_2_11_31_1","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/8736946"},{"key":"e_1_2_11_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-023-05741-y"},{"key":"e_1_2_11_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-024-00513-5"},{"key":"e_1_2_11_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2024.103741"},{"issue":"4","key":"e_1_2_11_35_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3702990","article-title":"Temporal\u2010Incremental Learning for Android Malware Detection","volume":"34","author":"Sun T.","year":"2025","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"e_1_2_11_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2024.125546"},{"key":"e_1_2_11_37_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-024-74017-z"},{"key":"e_1_2_11_38_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-025-98596-7"},{"key":"e_1_2_11_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104027"},{"key":"e_1_2_11_40_1","volume-title":"TUANDROMD (Tezpur University Android Malware Dataset) [Dataset]","author":"Borah P.","year":"2020"},{"key":"e_1_2_11_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33704-8_20"},{"key":"e_1_2_11_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0164-1212(99)00062-X"},{"key":"e_1_2_11_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/10984697_1"},{"key":"e_1_2_11_44_1","doi-asserted-by":"publisher","DOI":"10.3389\/fnbot.2013.00021"},{"key":"e_1_2_11_45_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_2_11_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-39964-3_62"},{"key":"e_1_2_11_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-78503-5_6"},{"key":"e_1_2_11_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32236-6_51"},{"key":"e_1_2_11_49_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btq134"},{"key":"e_1_2_11_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-44064-9_24"},{"issue":"9","key":"e_1_2_11_51_1","first-page":"2039","article-title":"Evolutionary Model Type Selection for Global Surrogate Modeling","volume":"10","author":"Gorissen D.","year":"2009","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_2_11_52_1","doi-asserted-by":"crossref","unstructured":"N.Rane M.Paramesha andJ.Rane \u201cTrustworthy Artificial Intelligence: Enhancing Trustworthiness Through Explainable AI (XAI)\u201d(2024) Available at SSRN 4873183.","DOI":"10.2139\/ssrn.4880090"}],"container-title":["SECURITY AND PRIVACY"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spy2.70110","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T07:43:41Z","timestamp":1763451821000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spy2.70110"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,28]]},"references-count":51,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,11]]}},"alternative-id":["10.1002\/spy2.70110"],"URL":"https:\/\/doi.org\/10.1002\/spy2.70110","archive":["Portico"],"relation":{},"ISSN":["2475-6725","2475-6725"],"issn-type":[{"value":"2475-6725","type":"print"},{"value":"2475-6725","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,9,28]]},"assertion":[{"value":"2025-05-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-13","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"e70110"}}