{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T05:02:14Z","timestamp":1773032534003,"version":"3.50.1"},"reference-count":54,"publisher":"Institution of Engineering and Technology (IET)","issue":"1","license":[{"start":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T00:00:00Z","timestamp":1760400000000},"content-version":"vor","delay-in-days":286,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/doi.wiley.com\/10.1002\/tdm_license_1.1"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2023YFD2201805"],"award-info":[{"award-number":["2023YFD2201805"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["ietresearch.onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["IET Software"],"published-print":{"date-parts":[[2025,1]]},"abstract":"<jats:p>Nowadays, the Android system is widely used in mobile devices. The existence of malware in the Android system has posed serious security risks. Therefore, detecting malware has become a main research focus for Android devices. The existing malware detection methods include those based on static analysis, dynamic analysis, and hybrid analysis. The dynamic analysis and hybrid analysis methods require the simulation of malware\u2019s execution in a certain environment, which often incurs high costs. With the aid of contemporary deep learning technology, static method can provide comparably good results without running software. To address these challenges, we propose a novel and efficient multimodel fusion (MMF) malware detection method. MMF innovatively integrates various static features, including application programming interface (API) call characteristics, request permission (RP) features, and bytecode image features. This fusion approach allows MMF to achieve high detection performance without the need for dynamic execution of the software. Compared to existing methods, MMF exhibits a higher accuracy rate of 99.4% and demonstrates superiority over baseline techniques in various metrics. Our comprehensive analysis and experiments confirm MMF\u2019s effectiveness and efficiency in detecting malware, making a significant contribution to the field of Android malware detection.<\/jats:p>","DOI":"10.1049\/sfw2\/1046015","type":"journal-article","created":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T13:52:13Z","timestamp":1760449933000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["MMF: A Lightweight Approach of Multimodel Fusion for Malware Detection"],"prefix":"10.1049","volume":"2025","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1928-7526","authenticated-orcid":false,"given":"Bo","family":"Yang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0004-3852-4827","authenticated-orcid":false,"given":"Mengbo","family":"Li","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2990-1614","authenticated-orcid":false,"given":"Li","family":"Li","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3125-4399","authenticated-orcid":false,"given":"Huai","family":"Liu","sequence":"additional","affiliation":[]}],"member":"265","published-online":{"date-parts":[[2025,10,14]]},"reference":[{"key":"e_1_2_12_1_2","doi-asserted-by":"crossref","unstructured":"SantosI. PenyaY. K. DevesaJ. andBringasP. G. N-Grams-Based File Signatures for Malware Detection ICEIS 2009 - Proceedings of the 11th International Conference on Enterprise Information Systems 2009 Milan Italy ICEIS.","DOI":"10.5220\/0001863603170320"},{"key":"e_1_2_12_2_2","doi-asserted-by":"crossref","unstructured":"DavidO.andNetanyahuN. S. DeepSign: Deep Learning for Automatic Malware Signature Generation and Classification 2015 International Joint Conference on Neural Networks (IJCNN) 2015 Killarney Ireland IEEE 1\u20138.","DOI":"10.1109\/IJCNN.2015.7280815"},{"key":"e_1_2_12_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2494522"},{"key":"e_1_2_12_4_2","doi-asserted-by":"crossref","unstructured":"AlzaylaeeM. K. YerimaS. Y. andSezerS. Dynalog: An Automated Dynamic Analysis Framework for Characterizing Android Applications 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security) 2016 London UK IEEE 1\u20138.","DOI":"10.1109\/CyberSecPODS.2016.7502337"},{"key":"e_1_2_12_5_2","doi-asserted-by":"crossref","unstructured":"ChenS. XueM. TangZ. XuL. andZhuH. StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security 2016 Association for Computing Machinery.","DOI":"10.1145\/2897845.2897860"},{"key":"e_1_2_12_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2792941"},{"key":"e_1_2_12_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2011.08.020"},{"key":"e_1_2_12_8_2","first-page":"15","article-title":"Using Convolutional Neural Networks for Classification of Malware Represented as Images","volume":"15","author":"Llaurad\u00f3 D. G.","year":"2018","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"key":"e_1_2_12_9_2","unstructured":"WuY. ShiJ. WangP. ZengD. andSunC. Deepcatra: Learning Flow- and Graph-Based Behaviors for Android Malware Detection ArXiv 2022 abs\/2201.12876."},{"key":"e_1_2_12_10_2","doi-asserted-by":"crossref","unstructured":"MalikJ.andKaushalR. CREDROID: Android Malware Detection by Network Traffic Analysis Proceedings of the 1st ACM Workshop on Privacy-Aware Mobile Computing 2016 Association for Computing Machinery 28\u201336.","DOI":"10.1145\/2940343.2940348"},{"key":"e_1_2_12_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2020.3019984"},{"key":"e_1_2_12_12_2","doi-asserted-by":"publisher","DOI":"10.1186\/s12879-021-06314-1"},{"key":"e_1_2_12_13_2","doi-asserted-by":"publisher","DOI":"10.4108\/eetsis.v9i4.2565"},{"key":"e_1_2_12_14_2","doi-asserted-by":"crossref","unstructured":"GaoJ. LiL. KongP. Bissyand\u00e9T. F. andKleinJ. Should you Consider Adware as Malware in Your Study? 2019 IEEE 26th International Conference on Software Analysis Evolution and Reengineering (SANER) 2019 Hangzhou China IEEE 604\u2013608.","DOI":"10.1109\/SANER.2019.8668010"},{"key":"e_1_2_12_15_2","doi-asserted-by":"crossref","unstructured":"XuH. ZhouY. GaoC. KangY. andLyuM. R. Spyaware: Investigating the Privacy Leakage Signatures in App Execution Traces 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE) 2015 IEEE 348\u2013358.","DOI":"10.1109\/ISSRE.2015.7381828"},{"key":"e_1_2_12_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10072-018-3364-8"},{"key":"e_1_2_12_17_2","doi-asserted-by":"crossref","unstructured":"DaiD. LiR. TangJ. DavanianA. andYinH. Parallel Space Traveling: A Security Analysis of App-Level Virtualization in Android Proceedings of the 25th ACM Symposium on Access Control Models and Technologies 2020 Association for Computing Machinery 25\u201332.","DOI":"10.1145\/3381991.3395608"},{"key":"e_1_2_12_18_2","doi-asserted-by":"publisher","DOI":"10.4018\/JCIT.20220701.oa6"},{"key":"e_1_2_12_19_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-023-00505-x"},{"key":"e_1_2_12_20_2","doi-asserted-by":"crossref","unstructured":"BernardinettiG. CaporasoP. CristofaroD. D. QuagliaF. andBianchiG. PHOENIX: A Cloud-Based Framework for Ensemble Malware Detection 2023 21st Mediterranean Communication and Computer Networking Conference (MedComNet) 2023 Island of Ponza Italy IEEE 11\u201314.","DOI":"10.1109\/MedComNet58619.2023.10168868"},{"key":"e_1_2_12_21_2","article-title":"Malware Detection by Risky Zone \u201cSignature\u201d Extraction From API Calls String Transformation Using (AOSSR) Technique","volume":"8","author":"Mohamed G. A. N.","year":"2020","journal-title":"International Journal of Recent Technology and Engineering"},{"key":"e_1_2_12_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3200741"},{"key":"e_1_2_12_23_2","doi-asserted-by":"crossref","unstructured":"LooseN. M\u00e4chtleF. PottC. BezsmertnyiV. M. andEisenbarthT. Madvex: Instrumentation-Based Adversarial Attacks on Machine Learning Malware Detection Detection of Intrusions and Malware and Vulnerability Assessment: 20th International Conference DIMVA 2023 Hamburg Germany July 12\u201314 2023 Proceedings 2023 Springer-Verlag 69\u201388.","DOI":"10.1007\/978-3-031-35504-2_4"},{"key":"e_1_2_12_24_2","unstructured":"KumarM. S. Ben.othmanJ. andSrinivasaganK. G. An Investigation on Wannacry Ransomware and Its Detection 2018 IEEE Symposium on Computers and Communications (ISCC) 2018 Natal Brazil IEEE 1\u20136."},{"key":"e_1_2_12_25_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.05.026"},{"key":"e_1_2_12_26_2","doi-asserted-by":"publisher","DOI":"10.1002\/ett.3675"},{"key":"e_1_2_12_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2021.11.005"},{"key":"e_1_2_12_28_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-021-05875-1"},{"key":"e_1_2_12_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-020-02196-4"},{"key":"e_1_2_12_30_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102622"},{"key":"e_1_2_12_31_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.06.006"},{"key":"e_1_2_12_32_2","doi-asserted-by":"crossref","unstructured":"HuangH. D. YuC. M. andKaoH. Y. R2-D2: ColoR-Inspired Convolutional Neural Network (CNN)-Based AndroiD Malware Detections 2018 IEEE International Conference on Big Data (Big Data) 2018 Seattle WA USA IEEE 2633\u20132642.","DOI":"10.1109\/BigData.2018.8622324"},{"key":"e_1_2_12_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2017.2789219"},{"key":"e_1_2_12_34_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-017-5104-0"},{"key":"e_1_2_12_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12065-020-00518-1"},{"key":"e_1_2_12_36_2","first-page":"1149","article-title":"SDAC: A Slow-Aging Solution for Android Malware Detection Using Semantic Distance Based API Clustering","volume":"19","author":"Xu J.","year":"2022","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_2_12_37_2","unstructured":"KarbabE. B. DebbabiM. DerhabA. andMouhebD. Android Malware Detection Using Deep Learning on API Method Sequences ArXiv 2017 abs\/1712.08996."},{"key":"e_1_2_12_38_2","doi-asserted-by":"crossref","unstructured":"YanJ. YanG. andJinD. Classifying Malware Represented as Control Flow Graphs Using Deep Graph Convolutional Neural Network 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN) 2019 Portland OR USA IEEE 52\u201363.","DOI":"10.1109\/DSN.2019.00020"},{"key":"e_1_2_12_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2880731"},{"key":"e_1_2_12_40_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.121125"},{"key":"e_1_2_12_41_2","doi-asserted-by":"crossref","unstructured":"ArpD. SpreitzenbarthM. HubnerM. GasconH. andRieckK. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket Network and Distributed System Security Symposium (NDSS) 2014 NDSS.","DOI":"10.14722\/ndss.2014.23247"},{"key":"e_1_2_12_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2024.3363016"},{"key":"e_1_2_12_43_2","volume-title":"An Android Malware Detection Method Based on CNN Mixed-Data Model","author":"Nicheporuk A.","year":"2020"},{"key":"e_1_2_12_44_2","doi-asserted-by":"crossref","unstructured":"LiW. WangZ. CaiJ. andChengS. An Android Malware Detection Approach Using Weight-Adjusted Deep Learning 2018 International Conference on Computing Networking and Communications (ICNC) 2018 Maui HI USA IEEE 437\u2013441 https:\/\/doi.org\/10.1109\/ICCNC.2018.8390391 2-s2.0-85050090500.","DOI":"10.1109\/ICCNC.2018.8390391"},{"key":"e_1_2_12_45_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102718"},{"key":"e_1_2_12_46_2","doi-asserted-by":"publisher","DOI":"10.1142\/S0218126622503029"},{"key":"e_1_2_12_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2023.3281833"},{"key":"e_1_2_12_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_2_12_49_2","doi-asserted-by":"crossref","unstructured":"DashS. K. Suarez-TangilG. KhanS. TamK. AhmadiM. andKinderJ. DroidScribe: Classifying Android Malware Based on Runtime Behavior 2016 IEEE Security and Privacy Workshops (SPW) 2016 San Jose CA USA IEEE 252\u2013261.","DOI":"10.1109\/SPW.2016.25"},{"key":"e_1_2_12_50_2","doi-asserted-by":"crossref","unstructured":"MassarelliL. AnielloL. CiccotelliC. QuerzoniL. UcciD. andBaldoniR. Android Malware Family Classification Based on Resource Consumption Over Time 2017 12th International Conference on Malicious and Unwanted Software (MALWARE) 2017 Fajardo PR USA 31\u201338 https:\/\/doi.org\/10.1109\/MALWARE.2017.8323954 2-s2.0-85050394710.","DOI":"10.1109\/MALWARE.2017.8323954"},{"key":"e_1_2_12_51_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.119952"},{"key":"e_1_2_12_52_2","doi-asserted-by":"crossref","unstructured":"HeK. ZhangX. RenS. andSunJ. Deep Residual Learning for Image Recognition 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) 2016 Las Vegas NV USA IEEE 770\u2013778.","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_2_12_53_2","doi-asserted-by":"crossref","unstructured":"NatarajL. KarthikeyanS. JacobG. andManjunathB. S. Malware Images: Visualization and Automatic Classification Proceedings of the 8th International Symposium on Visualization for Cyber Security 2011 Association for Computing Machinery 1\u20137.","DOI":"10.1145\/2016904.2016908"},{"key":"e_1_2_12_54_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2007.10.042"}],"container-title":["IET Software"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/sfw2\/1046015","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/full-xml\/10.1049\/sfw2\/1046015","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/sfw2\/1046015","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T04:10:59Z","timestamp":1773029459000},"score":1,"resource":{"primary":{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/10.1049\/sfw2\/1046015"}},"subtitle":[],"editor":[{"given":"Nadeem","family":"Sarwar","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2025,1]]},"references-count":54,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1]]}},"alternative-id":["10.1049\/sfw2\/1046015"],"URL":"https:\/\/doi.org\/10.1049\/sfw2\/1046015","archive":["Portico"],"relation":{},"ISSN":["1751-8806","1751-8814"],"issn-type":[{"value":"1751-8806","type":"print"},{"value":"1751-8814","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1]]},"assertion":[{"value":"2024-02-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-01","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-14","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"1046015"}}