{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T21:21:34Z","timestamp":1774041694324,"version":"3.50.1"},"reference-count":75,"publisher":"Wiley","issue":"1","license":[{"start":{"date-parts":[[2022,4,7]],"date-time":"2022-04-07T00:00:00Z","timestamp":1649289600000},"content-version":"vor","delay-in-days":96,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/doi.wiley.com\/10.1002\/tdm_license_1.1"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Complexity"],"published-print":{"date-parts":[[2022,1]]},"abstract":"\n Malware is a sophisticated, malicious, and sometimes unidentifiable application on the network. The classifying network traffic method using machine learning shows to perform well in detecting malware. In the literature, it is reported that this good performance can depend on a reduced set of network features. This study presents an empirical evaluation of two statistical methods of reduction and selection of features in an Android network traffic dataset using six supervised algorithms: Na\u00efve Bayes, support vector machine, multilayer perceptron neural network, decision tree, random forest, and K\u2010nearest neighbors. The principal component analysis (PCA) and logistic regression (LR) methods with\n p<\/jats:italic>\n value were applied to select the most representative features related to the time properties of flows and features of bidirectional packets. The selected features were used to train the algorithms using binary and multiclass classification. For performance evaluation and comparison metrics, precision, recall, F\u2010measure, accuracy, and area under the curve (AUC\u2010ROC) were used. The empirical results show that random forest obtains an average accuracy of 96% and an AUC\u2010ROC of 0.98 in binary classification. For the case of multiclass classification, again random forest achieves an average accuracy of 87% and an AUC\u2010ROC over 95%, exhibiting better performance than the other machine learning algorithms. In both experiments, the 13 most representative features of a mixed set of flow time properties and bidirectional network packets selected by LR were used. In the case of the other five classifiers, their results in terms of precision, recall, and accuracy, are competitive with those obtained in related works, which used a greater number of input features. Therefore, it is empirically evidenced that the proposed method for the selection of features, based on statistical techniques of reduction and extraction of attributes, allows improving the identification performance of malware traffic, discriminating it from the benign traffic of Android applications.\n <\/jats:p>","DOI":"10.1155\/2022\/6760920","type":"journal-article","created":{"date-parts":[[2022,4,7]],"date-time":"2022-04-07T21:20:09Z","timestamp":1649366409000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["An Empirical Evaluation of Supervised Learning Methods for Network Malware Identification Based on Feature Selection"],"prefix":"10.1155","volume":"2022","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5158-7310","authenticated-orcid":false,"given":"C.","family":"Manzano","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1112-4925","authenticated-orcid":false,"given":"C.","family":"Meneses","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0969-5139","authenticated-orcid":false,"given":"P.","family":"Leger","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1228-3186","authenticated-orcid":false,"given":"H.","family":"Fukuda","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2022,4,7]]},"reference":[{"key":"e_1_2_10_1_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2020.113400"},{"key":"e_1_2_10_2_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2020.101861"},{"key":"e_1_2_10_3_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01535-0_19"},{"key":"e_1_2_10_4_2","unstructured":"McAfee Labs McAfee Labs COVID-19 Threats Report scale and impact cyber-related attacks have 2020 https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-quarterly-threats-july-2020.pdf."},{"key":"e_1_2_10_5_2","doi-asserted-by":"crossref","unstructured":"BayazitE. C. SahingozO. K. andDoganB. Malware detection in android systems with traditional machine learning models: a survey Proceedings of the 2020 International Congress on Human-Computer Interaction Optimization and Robotic Applications (HORA) June 2020 Ankara Turkey IEEE 8 https:\/\/doi.org\/10.1109\/hora49412.2020.9152840.","DOI":"10.1109\/HORA49412.2020.9152840"},{"key":"e_1_2_10_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3017427"},{"key":"e_1_2_10_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.06.004"},{"key":"e_1_2_10_8_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.07.052"},{"key":"e_1_2_10_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.01.012"},{"key":"e_1_2_10_10_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-73951-9_5"},{"key":"e_1_2_10_11_2","doi-asserted-by":"publisher","DOI":"10.34028\/iajit\/17\/4a\/4"},{"key":"e_1_2_10_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/mcom.2019.1800819"},{"key":"e_1_2_10_13_2","first-page":"2","article-title":"Lncs 7754 - data traffic monitoring and analysis","volume":"7754","author":"Biersack E.","year":"2013","journal-title":"Springer Berlin Heidelberg"},{"key":"e_1_2_10_14_2","first-page":"44","volume-title":"Lecture Notes in Computer Science","author":"Elovici Y.","year":"2007"},{"key":"e_1_2_10_15_2","article-title":"Evaluation of network traffic analysis using fuzzy C-means clustering algorithm in mobile malware detection","volume":"24","author":"Ali F.","year":"2018","journal-title":"Advanced Science Letters"},{"key":"e_1_2_10_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-72550-5_46"},{"key":"e_1_2_10_17_2","article-title":"The effects of dimensionality reduction in the classification of network traffic datasets via clustering","volume":"1","author":"Abbas M. L.","year":"2020","journal-title":"Journal of Applied Sciences"},{"key":"e_1_2_10_18_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.02.001"},{"key":"e_1_2_10_19_2","doi-asserted-by":"publisher","DOI":"10.3233\/ida-1997-1302"},{"key":"e_1_2_10_20_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.peva.2010.01.001"},{"key":"e_1_2_10_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/access.2020.3006143"},{"key":"e_1_2_10_22_2","doi-asserted-by":"crossref","unstructured":"PrakashM. C. LiuL. SahaS. TanP.-N. andNucciA. Combining supervised and unsupervised learning for zero-day malware detection Proceedings of the 2013 IEEE INFOCOM April 2013 Turin Italy IEEE 2022\u20132030 https:\/\/doi.org\/10.1109\/infcom.2013.6567003 2-s2.0-84883108795.","DOI":"10.1109\/INFCOM.2013.6567003"},{"key":"e_1_2_10_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2019.102526"},{"key":"e_1_2_10_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313391"},{"key":"e_1_2_10_25_2","doi-asserted-by":"crossref","DOI":"10.1186\/s13388-016-0027-2","article-title":"Detecting obfuscated malware using reduced opcode set and optimised runtime trace","volume":"5","author":"O\u2019kane P.","year":"2016","journal-title":"Security Informatics"},{"key":"e_1_2_10_26_2","doi-asserted-by":"publisher","DOI":"10.3390\/fi9040081"},{"key":"e_1_2_10_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2020.02.131"},{"key":"e_1_2_10_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/ccst.2018.8585560"},{"key":"e_1_2_10_29_2","doi-asserted-by":"crossref","unstructured":"MaricontiE. OnwuzurikeL. AndriotisP. CristofaroE. De RossG. andStringhiniG. MaMaDroid: detecting android malware by building Markov chains of behavioral models Proceedings of the 2017 Network and Distributed System Security Symposium February 2017 Reston VA Internet Society 7129\u20137131 https:\/\/doi.org\/10.14722\/ndss.2017.23353.","DOI":"10.14722\/ndss.2017.23353"},{"key":"e_1_2_10_30_2","doi-asserted-by":"publisher","DOI":"10.1063\/1.4992953"},{"key":"e_1_2_10_31_2","doi-asserted-by":"crossref","unstructured":"HanX.andOlivierB. Interpretable and adversarially-resistant behavioral malware signatures Proceedings of the 35th Annual ACM Symposium on Applied Computing March 2020 New York NY USA Association for Computing Machinery https:\/\/doi.org\/10.1145\/3341105.3373854.","DOI":"10.1145\/3341105.3373854"},{"key":"e_1_2_10_32_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_11"},{"key":"e_1_2_10_33_2","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.3912"},{"key":"e_1_2_10_34_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-016-2564-5"},{"key":"e_1_2_10_35_2","article-title":"Principal component analysis: a review and recent developments","volume":"374","author":"Jollife I. T.","year":"2016","journal-title":"Philosophical Transactions of the Royal Society A: Mathematical, Physical & Engineering Sciences"},{"key":"e_1_2_10_36_2","volume-title":"Principal Component Analysis","author":"Jolliffe I. T","year":"2002"},{"key":"e_1_2_10_37_2","doi-asserted-by":"publisher","DOI":"10.4135\/9781412983433"},{"key":"e_1_2_10_38_2","volume-title":"Regression Analysis by Example","author":"Chatterjee S.","year":"2013"},{"key":"e_1_2_10_39_2","first-page":"118","article-title":"Valor de p inferior a 0\u2019005: \u00bfqu\u00e9 significa en realidad?","volume":"63","author":"Kain Z.","year":"2007","journal-title":"Pediatrics"},{"key":"e_1_2_10_40_2","doi-asserted-by":"publisher","DOI":"10.1590\/s1806-37132015000000215"},{"key":"e_1_2_10_41_2","first-page":"118","article-title":"A comparison of ordinary least squares and logistic regression","volume":"103","author":"Pohlmann J. T.","year":"2003","journal-title":"Ohio Journal of Science"},{"key":"e_1_2_10_42_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-24274-9_26"},{"key":"e_1_2_10_43_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-012-9368-7"},{"key":"e_1_2_10_44_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2015.05.089"},{"key":"e_1_2_10_45_2","doi-asserted-by":"publisher","DOI":"10.3390\/math9070751"},{"key":"e_1_2_10_46_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107639"},{"key":"e_1_2_10_47_2","doi-asserted-by":"crossref","unstructured":"ChidlovskiiB.andLecerfL. Scalable feature selection for multi-class problems Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases 2008 September Antwerp Belgium Springer 227\u2013240.","DOI":"10.1007\/978-3-540-87479-9_33"},{"key":"e_1_2_10_48_2","doi-asserted-by":"crossref","unstructured":"MurtazM. HassanA. Syed BaqirA. andRehmanS. A framework for android malware detection and classification Proceedings of the 2018 IEEE 5th International Conference on Engineering Technologies and Applied Sciences (ICETAS) November 2018 Bangkok Thailand IEEE 1\u20135 https:\/\/doi.org\/10.1109\/icetas.2018.8629270 2-s2.0-85062839010.","DOI":"10.1109\/ICETAS.2018.8629270"},{"key":"e_1_2_10_49_2","doi-asserted-by":"crossref","unstructured":"AbuthawabehM. K. A.andMahmoudK. W. Android malware detection and categorization based on conversation-level network traffic features Proceedings of the 2019 International Arab Conference on Information Technology (ACIT) December 2019 Al Ain United Arab Emirates IEEE 42\u201347 https:\/\/doi.org\/10.1109\/acit47987.2019.8991114.","DOI":"10.1109\/ACIT47987.2019.8991114"},{"key":"e_1_2_10_50_2","doi-asserted-by":"publisher","DOI":"10.1023\/a:1010933404324"},{"key":"e_1_2_10_51_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107247"},{"key":"e_1_2_10_52_2","doi-asserted-by":"crossref","unstructured":"KulkarniV. Y. PetareM. andSinhaP. K. Analyzing random forest classifier with different split measures Advances in Intelligent Systems and Computing Proceedings of the Second International Conference on Soft Computing for Problem Solving (SocProS 2012) December 2012 New York NY USA Springer 691\u2013699 https:\/\/doi.org\/10.1007\/978-81-322-1602-5_74 2-s2.0-84928042807.","DOI":"10.1007\/978-81-322-1602-5_74"},{"key":"e_1_2_10_53_2","volume-title":". Discriminatory Analysis. Nonparametric Discrimination: Consistency Properties","author":"Fix E.","year":"1951"},{"key":"e_1_2_10_54_2","doi-asserted-by":"publisher","DOI":"10.1080\/00031305.1992.10475879"},{"key":"e_1_2_10_55_2","article-title":"Comparing correlation coefficients as dissimilarity measures for cancer classification in gene expression data","volume":"1","author":"Jaskowiak P. A.","year":"2011","journal-title":"VI Brazilian Symposium on Bioinformatics (BSB2011)"},{"key":"e_1_2_10_56_2","first-page":"1970","article-title":"Android malware detection using decision trees and network traffic","volume":"7","author":"Sharma D.","year":"2016","journal-title":"International Journal of Computer Science and Information Technologies"},{"key":"e_1_2_10_57_2","doi-asserted-by":"publisher","DOI":"10.3233\/IDA-2010-0421"},{"key":"e_1_2_10_58_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eij.2011.04.003"},{"key":"e_1_2_10_59_2","doi-asserted-by":"publisher","DOI":"10.1002\/9780470979174"},{"key":"e_1_2_10_60_2","doi-asserted-by":"crossref","unstructured":"SamantrayOm P.andTripathyS. N. A knowledge-domain analyser for malware classification Proceedings of the 2020 International Conference on Computer Science Engineering and Applications (ICCSEA) March 2020 Gunupur India IEEE 1\u20137 https:\/\/doi.org\/10.1109\/iccsea49143.2020.9132916.","DOI":"10.1109\/ICCSEA49143.2020.9132916"},{"key":"e_1_2_10_61_2","doi-asserted-by":"publisher","DOI":"10.1109\/access.2019.2912896"},{"key":"e_1_2_10_62_2","volume-title":"Data Mining: Concepts and Techniques: Concepts and Techniques","author":"Han J.","year":"2012"},{"key":"e_1_2_10_63_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2013.11.024"},{"key":"e_1_2_10_64_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2017.04.044"},{"key":"e_1_2_10_65_2","unstructured":"TanA. C.andGilbertD. An empirical comparison of supervised machine learning techniques in bioinformatics 19 Proceedings of the First Asia-Pacific Bioinformatics Conference on Bioinformatics 2003 April 2003 Sydney NSW Australian Computer Society 219\u2013222."},{"key":"e_1_2_10_66_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-11196-0_56"},{"key":"e_1_2_10_67_2","doi-asserted-by":"crossref","unstructured":"NoorbehbahaniF. RasouliF. andSaberiM. Analysis of machine learning techniques for ransomware detection Proceedings of the 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC) August 2019 Mashhad Iran IEEE 5 https:\/\/doi.org\/10.1109\/iscisc48546.2019.8985139.","DOI":"10.1109\/ISCISC48546.2019.8985139"},{"key":"e_1_2_10_68_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-018-2263-3"},{"key":"e_1_2_10_69_2","doi-asserted-by":"crossref","unstructured":"BekermanD. ShapiraB. RokachL. andBarA. Unknown malware detection using network traffic classification Proceedings of the 2015 IEEE Conference on Communications and NetworkSecurity CNS 2015 september 2015 Florence Italy IEEE 134\u2013142 https:\/\/doi.org\/10.1109\/cns.2015.7346821 2-s2.0-84966320780.","DOI":"10.1109\/CNS.2015.7346821"},{"key":"e_1_2_10_70_2","doi-asserted-by":"crossref","unstructured":"LashkariA. H. AkadirA. F. GonzalezH. MbahK. F. andGhorbaniA. A. Towards a network-based framework for android malware detection and characterization Proceedings of the 2017 15th Annual Conference on Privacy Security and Trust PST 2017 September 2018 Institute of Electrical and Electronics Engineers Inc. 233\u2013242 https:\/\/doi.org\/10.1109\/pst.2017.00035 2-s2.0-85055884583.","DOI":"10.1109\/PST.2017.00035"},{"key":"e_1_2_10_71_2","doi-asserted-by":"publisher","DOI":"10.18517\/ijaseit.10.2.10238"},{"key":"e_1_2_10_72_2","doi-asserted-by":"crossref","unstructured":"Hernandez JimenezJ. M. J.andGoseva-PopstojanovaK. The effect on network flows-based features and training set size on malware detection 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA) Proceedings of the 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA) November 2018 Cambridge MA USA IEEE 1\u20139 https:\/\/doi.org\/10.1109\/NCA.2018.8548325 2-s2.0-85059990295.","DOI":"10.1109\/NCA.2018.8548325"},{"key":"e_1_2_10_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2017.2771228"},{"key":"e_1_2_10_74_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.02.009"},{"key":"e_1_2_10_75_2","doi-asserted-by":"crossref","unstructured":"ManzanoC. MenesesC. andLegerP. An empirical comparison of supervised algorithms for ransomware identification on network traffic Proceedings of the International Conference of the Chilean Computer Science Society SCCC November 2020 Coquimbo Chile IEEE 7 https:\/\/doi.org\/10.1109\/sccc51225.2020.9281283.","DOI":"10.1109\/SCCC51225.2020.9281283"}],"container-title":["Complexity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1155\/2022\/6760920","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1155\/2022\/6760920","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1155\/2022\/6760920","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T21:29:04Z","timestamp":1769117344000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1155\/2022\/6760920"}},"subtitle":[],"editor":[{"given":"Giacomo","family":"Fiumara","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2022,1]]},"references-count":75,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1]]}},"alternative-id":["10.1155\/2022\/6760920"],"URL":"https:\/\/doi.org\/10.1155\/2022\/6760920","archive":["Portico"],"relation":{},"ISSN":["1076-2787","1099-0526"],"issn-type":[{"value":"1076-2787","type":"print"},{"value":"1099-0526","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1]]},"assertion":[{"value":"2021-11-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-03-05","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-04-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"6760920"}}