{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T09:59:45Z","timestamp":1771667985931,"version":"3.50.1"},"reference-count":46,"publisher":"Institution of Engineering and Technology (IET)","issue":"1","license":[{"start":{"date-parts":[[2024,2,17]],"date-time":"2024-02-17T00:00:00Z","timestamp":1708128000000},"content-version":"vor","delay-in-days":47,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62171228"],"award-info":[{"award-number":["62171228"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2021YFE0105500"],"award-info":[{"award-number":["2021YFE0105500"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["ietresearch.onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["IET Information Security"],"published-print":{"date-parts":[[2024,1]]},"abstract":"<jats:p>The continuous malicious attacks on Internet of Things devices pose a potential threat to the economic and private information security of end\u2010users, especially on the dominant Android devices. Combining static analysis methods with deep Learning is a promising approach to defend against that. This kind of method has two limitations: the first is that the current single\u2010permission mechanism is not insufficient to regulate interapplication resource acquisition; another problem is that current work on feature learning is dedicated to modifying a single network structure, which may result in a suboptimal solution. In this study, to solve the abovementioned problems, we propose a novel malware detection framework MFEMDroid, which combines multitype features analysis and ensemble modeling. The Provider feature, facilitating information requests between applications (apps) and serving as an indispensable data storage method, plays a vital role in characterizing app behavior. Hence, we extract permissions and Provider features to comprehensively characterize app behavior and probe potentially dangerous combinations between or within these features. To address oversparse datasets and reduce feature learning overhead, we employ an auto\u2010encoder for feature dimensionality reduction. Furthermore, we design an ensemble network based on SENet, ResNet, and the evolutionary convolutional neural network Squeeze Excitation Residual Network (SEResNet) to explore the hidden associations between different types of features from multiple perspectives. We performed extensive experiments to evaluate its method performance on real\u2010world samples. The evaluation results demonstrate that the proposed framework can detect malware with an accuracy of 95.38%, which is much better than state\u2010of\u2010the\u2010art solutions. These promising experimental results show that MFEMDroid is an effective approach to detect Android malware.<\/jats:p>","DOI":"10.1049\/2024\/2850804","type":"journal-article","created":{"date-parts":[[2024,2,17]],"date-time":"2024-02-17T15:20:06Z","timestamp":1708183206000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["MFEMDroid: A Novel Malware Detection Framework Using Combined Multitype Features and Ensemble Modeling"],"prefix":"10.1049","volume":"2024","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-0378-9739","authenticated-orcid":false,"given":"Wei","family":"Gu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3204-3457","authenticated-orcid":false,"given":"Hongyan","family":"Xing","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0223-7039","authenticated-orcid":false,"given":"Tianhao","family":"Hou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"265","published-online":{"date-parts":[[2024,2,17]]},"reference":[{"key":"e_1_2_10_1_2","doi-asserted-by":"crossref","unstructured":"BacciA. MartinelliF. MedvetE. andMercaldoF. VizMal: a visualization tool for analyzing the behavior of Android malware 2nd International Workshop on FORmal Methods for Security Engineering 2018.","DOI":"10.5220\/0006665005170525"},{"key":"e_1_2_10_2_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.12.014"},{"key":"e_1_2_10_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIoT.6488907"},{"key":"e_1_2_10_4_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103341"},{"key":"e_1_2_10_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2536605"},{"key":"e_1_2_10_6_2","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.1092"},{"key":"e_1_2_10_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2023.3241697"},{"key":"e_1_2_10_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.10206"},{"key":"e_1_2_10_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/34.709601"},{"key":"e_1_2_10_10_2","doi-asserted-by":"crossref","unstructured":"GaneshM. PednekarP. PrabhuswamyP. NairD. S. ParkY. andJeonH. CNN-based Android malware detection 2017 International Conference on Software Security and Assurance (ICSSA) 2017 IEEE 60\u201365.","DOI":"10.1109\/ICSSA.2017.18"},{"key":"e_1_2_10_11_2","doi-asserted-by":"publisher","DOI":"10.1038\/nature14539"},{"key":"e_1_2_10_12_2","doi-asserted-by":"crossref","unstructured":"XuY. XuD. HongX. OuyangW. JiR. XuM. andZhaoG. Structured modeling of joint deep feature and prediction refinement for salient object detection Proceedings of the IEEE\/CVF International Conference on Computer Vision 2020 IEEE.","DOI":"10.1109\/ICCV.2019.00389"},{"key":"e_1_2_10_13_2","unstructured":"WangS. LuH. andDengZ. Fast object detection in compressed video Proceedings of the IEEE\/CVF International Conference on Computer Vision 2020 IEEE 7104\u20137113."},{"key":"e_1_2_10_14_2","doi-asserted-by":"crossref","unstructured":"HinamiR. MeiT. andi. SatohS. Joint detection and recounting of abnormal events by learning deep generic knowledge Proceedings of the IEEE International Conference on Computer Vision (ICCV) 2017 IEEE.","DOI":"10.1109\/ICCV.2017.391"},{"key":"e_1_2_10_15_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cviu.2018.02.006"},{"key":"e_1_2_10_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-018-0803-6"},{"key":"e_1_2_10_17_2","doi-asserted-by":"publisher","DOI":"10.1049\/ise2.12030"},{"key":"e_1_2_10_18_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2019.04.007"},{"key":"e_1_2_10_19_2","doi-asserted-by":"publisher","DOI":"10.1002\/int.22529"},{"key":"e_1_2_10_20_2","doi-asserted-by":"crossref","unstructured":"DuH. YuanH. ZhaoP. ZhuangF. LiuG. ZhaoL. LiuY. andVictorS. Ensemble modeling with contrastive knowledge distillation for sequential recommendation 46th International ACM SIGIR Conference on Research and Development in Information Retrieval (SIGIR 2023) July 23\u201327 2023 Taipei China ACM.","DOI":"10.1145\/3539618.3591679"},{"key":"e_1_2_10_21_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2023.110941"},{"key":"e_1_2_10_22_2","unstructured":"KimC. W. Ntmaldetect: a machine learning approach to malware detection using native api system calls 2018 https:\/\/doi.org\/10.48550\/arXiv.1802.05412."},{"key":"e_1_2_10_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103277"},{"key":"e_1_2_10_24_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102686"},{"key":"e_1_2_10_25_2","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194019500037"},{"key":"e_1_2_10_26_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.02.002"},{"key":"e_1_2_10_27_2","doi-asserted-by":"crossref","unstructured":"KhariwalK. SinghJ. andAroraA. IPDroid: Android malware detection using intents and permissions 2020 Fourth World Conference on Smart Trends in Systems Security and Sustainability (WorldS4) 2020.","DOI":"10.1109\/WorldS450073.2020.9210414"},{"key":"e_1_2_10_28_2","doi-asserted-by":"crossref","unstructured":"WangZ. LiG. ChiY. ZhangJ. YangT. andLiuQ. Android malware detection based on convolutional neural networks 3rd International Conference on Computer Science and Application Engineering 2019.","DOI":"10.1145\/3331453.3361306"},{"key":"e_1_2_10_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3423096"},{"key":"e_1_2_10_30_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118705"},{"key":"e_1_2_10_31_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2019.0159"},{"key":"e_1_2_10_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.12"},{"key":"e_1_2_10_33_2","doi-asserted-by":"publisher","DOI":"10.1142\/S0218126622503029"},{"key":"e_1_2_10_34_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.119952"},{"key":"e_1_2_10_35_2","unstructured":"Androguard Androguard 2022 https:\/\/github.com\/androguard\/androguard."},{"key":"e_1_2_10_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2866319"},{"key":"e_1_2_10_37_2","unstructured":"Android 6.0 Google Developer Documentation 2022 https:\/\/developer.android.google.cn\/guide\/topics\/manifest\/permission-element."},{"key":"e_1_2_10_38_2","unstructured":"VirusTotal VirusTotal 2022 https:\/\/www.virustotal.com\/ko."},{"key":"e_1_2_10_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2523912"},{"key":"e_1_2_10_40_2","doi-asserted-by":"crossref","unstructured":"HeK. ZhangX. RenS. andSunJ. Deep residual learning for image recognition Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition 2016 IEEE.","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_2_10_41_2","doi-asserted-by":"crossref","unstructured":"HuJ. ShenL. andSunG. Squeeze-and-excitation networks Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition 2018 IEEE.","DOI":"10.1109\/CVPR.2018.00745"},{"key":"e_1_2_10_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2017.2778147"},{"key":"e_1_2_10_43_2","first-page":"23","article-title":"Drebin: effective and explainable detection of Android malware in your pocket","volume":"14","author":"Arp D.","year":"2014","journal-title":"Network & Distributed System Security Symposium"},{"key":"e_1_2_10_44_2","doi-asserted-by":"crossref","unstructured":"NishimotoY. KajiwaraN. andMatsumotoS. ZiaT. ZomayaA. VaradharajanV. andMaoM. Detection of Android API call using logging mechanism within Android framework 127 International Conference on Security and Privacy in Communication Systems 2013 Cham Springer 393\u2013404 SecureComm 2013. Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering https:\/\/doi.org\/10.1007\/978-3-319-04283-1_25.","DOI":"10.1007\/978-3-319-04283-1_25"},{"key":"e_1_2_10_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2017.2789219"},{"key":"e_1_2_10_46_2","unstructured":"AgrawalR.andSrikantR. Fast algorithms for mining association rules in large databases VLDB \u201994: Proceedings of the 20th International Conference on Very Large Data Bases 1994 ACM 487\u2013499."}],"container-title":["IET Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/ietis\/2024\/2850804.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/ietis\/2024\/2850804.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/2024\/2850804","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T08:50:24Z","timestamp":1762332624000},"score":1,"resource":{"primary":{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/10.1049\/2024\/2850804"}},"subtitle":[],"editor":[{"given":"Leandros","family":"Maglaras","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2024,1]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1]]}},"alternative-id":["10.1049\/2024\/2850804"],"URL":"https:\/\/doi.org\/10.1049\/2024\/2850804","archive":["Portico"],"relation":{},"ISSN":["1751-8709","1751-8717"],"issn-type":[{"value":"1751-8709","type":"print"},{"value":"1751-8717","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1]]},"assertion":[{"value":"2023-07-21","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-02-03","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-02-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"2850804"}}