{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T16:15:51Z","timestamp":1776442551569,"version":"3.51.2"},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,11,3]],"date-time":"2022-11-03T00:00:00Z","timestamp":1667433600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,11,3]],"date-time":"2022-11-03T00:00:00Z","timestamp":1667433600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["RGPIN-2020-05363"],"award-info":[{"award-number":["RGPIN-2020-05363"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cloud Comp"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Android is the most widely used mobile platform, making it a prime target for malicious attacks. Therefore, it is imperative to effectively circumvent these attacks. Recently, machine learning has been a promising solution for malware detection, which relies on distinguishing features. While machine learning-based malware scanners have a large number of features, adversaries can avoid detection by using feature-related expertise. Therefore, one of the main tasks of the Android security industry is to consistently propose cutting-edge features that can detect suspicious activity. This study presents a novel feature representation approach for malware detection that combines API-Call Graphs (ACGs) with byte-level image representation. First, the reverse engineering procedure is used to obtain the Java programming codes and Dalvik Executable (DEX) file from Android Package Kit (APK). Second, to depict Android apps with high-level features, we develop ACGs by mining API-Calls and API sequences from Control Flow Graph (CFG). The ACGs can act as a digital fingerprint of the actions taken by Android apps. Next, the multi-head attention-based transfer learning method is used to extract trained features vector from ACGs. Third, the DEX file is converted to a malware image, and the texture features are extracted and highlighted using a combination of FAST (Features from Accelerated Segment Test) and BRIEF (Binary Robust Independent Elementary Features). Finally, the ACGs and texture features are combined for effective malware detection and classification. The proposed method uses a customized dataset prepared from the CIC-InvesAndMal2019 dataset and outperforms state-of-the-art methods with 99.27% accuracy.<\/jats:p>","DOI":"10.1186\/s13677-022-00349-8","type":"journal-article","created":{"date-parts":[[2022,11,3]],"date-time":"2022-11-03T12:03:01Z","timestamp":1667476981000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":40,"title":["A malware detection system using a hybrid approach of multi-heads attention-based control flow traces and image visualization"],"prefix":"10.1186","volume":"11","author":[{"given":"Farhan","family":"Ullah","sequence":"first","affiliation":[]},{"given":"Gautam","family":"Srivastava","sequence":"additional","affiliation":[]},{"given":"Shamsher","family":"Ullah","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,11,3]]},"reference":[{"key":"349_CR1","doi-asserted-by":"publisher","unstructured":"Felt AP, Finifter M, Chin E, Hanna S, Wagner D (2011) A survey of mobile malware in the wild. In: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices. ACM pp 3\u201314. https:\/\/doi.org\/10.1145\/2046614.2046618","DOI":"10.1145\/2046614.2046618"},{"issue":"4","key":"349_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3017427","volume":"49","author":"K Tam","year":"2017","unstructured":"Tam K, Feizollah A, Anuar NB, Salleh R, Cavallaro L (2017) The evolution of android malware and android analysis techniques. ACM Comput Surv (CSUR) 49(4):1\u201341","journal-title":"ACM Comput Surv (CSUR)"},{"key":"349_CR3","doi-asserted-by":"publisher","first-page":"21235","DOI":"10.1109\/ACCESS.2019.2896003","volume":"7","author":"Z Ma","year":"2019","unstructured":"Ma Z, Ge H, Liu Y, Zhao M, Ma J (2019) A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 7:21235\u201321245","journal-title":"IEEE Access"},{"key":"349_CR4","doi-asserted-by":"publisher","first-page":"102513","DOI":"10.1016\/j.cose.2021.102513","volume":"112","author":"F Ou","year":"2022","unstructured":"Ou F, Xu J (2022) S3feature: A static sensitive subgraph-based feature for android malware detection. Comput Secur 112:102513","journal-title":"Comput Secur"},{"key":"349_CR5","doi-asserted-by":"publisher","first-page":"S77","DOI":"10.1016\/j.diin.2019.01.017","volume":"28","author":"EB Karbab","year":"2019","unstructured":"Karbab EB, Debbabi M (2019) Maldy: Portable, data-driven malware detection using natural language processing and machine learning techniques on behavioral analysis reports. Digit Investig 28:S77\u2013S87","journal-title":"Digit Investig"},{"key":"349_CR6","doi-asserted-by":"publisher","unstructured":"Zhang M, Duan Y, Yin H, Zhao Z (2014) Semantics-aware android malware classification using weighted contextual api dependency graphs. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security. ACM pp 1105\u20131116. https:\/\/doi.org\/10.1145\/2660267.2660359","DOI":"10.1145\/2660267.2660359"},{"issue":"11","key":"349_CR7","doi-asserted-by":"crossref","first-page":"e3789","DOI":"10.1002\/ett.3789","volume":"31","author":"DL Vu","year":"2020","unstructured":"Vu DL, Nguyen TK, Nguyen TV, Nguyen TN, Massacci F, Phung PH (2020) Hit4mal: Hybrid image transformation for malware classification. Trans Emerg Telecommun Technol 31(11):e3789","journal-title":"Trans Emerg Telecommun Technol"},{"key":"349_CR8","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1016\/j.compeleceng.2017.02.013","volume":"61","author":"N Milosevic","year":"2017","unstructured":"Milosevic N, Dehghantanha A, Choo KKR (2017) Machine learning aided android malware classification. Comput Electr Eng 61:266\u2013274","journal-title":"Comput Electr Eng"},{"issue":"2","key":"349_CR9","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2008","unstructured":"Egele M, Scholte T, Kirda E, Kruegel C (2008) A survey on automated dynamic malware-analysis techniques and tools. ACM Comput Surv (CSUR) 44(2):1\u201342","journal-title":"ACM Comput Surv (CSUR)"},{"issue":"6","key":"349_CR10","doi-asserted-by":"publisher","first-page":"1012","DOI":"10.1016\/j.jcss.2014.12.014","volume":"81","author":"P Wang","year":"2015","unstructured":"Wang P, Wang YS (2015) Malware behavioural detection and vaccine development by using a support vector model classifier. J Comput Syst Sci 81(6):1012\u20131026","journal-title":"J Comput Syst Sci"},{"key":"349_CR11","doi-asserted-by":"publisher","first-page":"67602","DOI":"10.1109\/ACCESS.2019.2918139","volume":"7","author":"W Wang","year":"2019","unstructured":"Wang W, Zhao M, Gao Z, Xu G, Xian H, Li Y, Zhang X (2019) Constructing features for detecting android malicious applications: issues, taxonomy and directions. IEEE Access 7:67602\u201367631","journal-title":"IEEE Access"},{"key":"349_CR12","first-page":"102828","volume":"59","author":"A Abusitta","year":"2021","unstructured":"Abusitta A, Li MQ, Fung BC (2021) Malware classification and composition analysis: A survey of recent developments. J Inf Secur Appl 59:102828","journal-title":"J Inf Secur Appl"},{"key":"349_CR13","doi-asserted-by":"publisher","unstructured":"Mahindru A, Singh P (2017) Dynamic permissions based android malware detection using machine learning techniques. In: Proceedings of the 10th innovations in software engineering conference. ACM pp 202\u2013210. https:\/\/doi.org\/10.1145\/3021460.3021485","DOI":"10.1145\/3021460.3021485"},{"key":"349_CR14","doi-asserted-by":"publisher","unstructured":"Alasmary H, Abusnaina A, Jang R, Abuhamad M, Anwar A, Nyang D, Mohaisen D (2020) Soteria: Detecting adversarial examples in control flow graph-based malware classifiers. In: 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). IEEE pp 888\u2013898. https:\/\/doi.org\/10.1109\/ICDCS47774.2020.00089","DOI":"10.1109\/ICDCS47774.2020.00089"},{"key":"349_CR15","doi-asserted-by":"crossref","unstructured":"Arslan RS, Tasyurek M (2022) Amd-cnn: Android malware detection via feature graph and convolutional neural networks. Concurr Comput Pract Experience 34:e7180","DOI":"10.1002\/cpe.7180"},{"key":"349_CR16","doi-asserted-by":"publisher","first-page":"118073","DOI":"10.1016\/j.eswa.2022.118073","volume":"208","author":"S Kumar","year":"2022","unstructured":"Kumar S, Janet B, Neelakantan S (2022) Identification of malware families using stacking of textural features and machine learning. Expert Syst Appl 208:118073","journal-title":"Expert Syst Appl"},{"key":"349_CR17","doi-asserted-by":"publisher","first-page":"102386","DOI":"10.1016\/j.cose.2021.102386","volume":"109","author":"T Frenklach","year":"2021","unstructured":"Frenklach T, Cohen D, Shabtai A, Puzis R (2021) Android malware detection via an app similarity graph. Comput Secur 109:102386","journal-title":"Comput Secur"},{"issue":"5","key":"349_CR18","doi-asserted-by":"publisher","first-page":"567","DOI":"10.1007\/s10207-019-00475-6","volume":"19","author":"HT Nguyen","year":"2020","unstructured":"Nguyen HT, Ngo QD, Le VH (2020) A novel graph-based approach for iot botnet detection. Int J Inf Secur 19(5):567\u2013577","journal-title":"Int J Inf Secur"},{"issue":"2","key":"349_CR19","doi-asserted-by":"publisher","first-page":"1027","DOI":"10.1007\/s00500-019-03940-5","volume":"24","author":"A Pekta\u015f","year":"2020","unstructured":"Pekta\u015f A, Acarman T (2020) Deep learning for effective android malware detection using api call graph embeddings. Soft Comput 24(2):1027\u20131043","journal-title":"Soft Comput"},{"key":"349_CR20","first-page":"103063","volume":"64","author":"S Kumar","year":"2022","unstructured":"Kumar S, Janet B (2022) Dtmic: Deep transfer learning for malware image classification. J Inf Secur Appl 64:103063","journal-title":"J Inf Secur Appl"},{"key":"349_CR21","doi-asserted-by":"crossref","unstructured":"Gonzalez H, Kadir AA, Stakhanova N, Alzahrani AJ, Ghorbani AA (2015) Exploring reverse engineering symptoms in android apps. In: Proceedings of the Eighth European Workshop on System Security. pp 1\u20137","DOI":"10.1145\/2751323.2751330"},{"issue":"11","key":"349_CR22","doi-asserted-by":"publisher","first-page":"3115","DOI":"10.1007\/s13042-020-01246-9","volume":"12","author":"F Ullah","year":"2021","unstructured":"Ullah F, Naeem MR, Mostarda L, Shah SA (2021) Clone detection in 5g-enabled social iot system using graph semantics and deep learning model. Int J Mach Learn Cybern 12(11):3115\u20133127","journal-title":"Int J Mach Learn Cybern"},{"key":"349_CR23","doi-asserted-by":"publisher","unstructured":"Yan J, Yan G, Jin D (2019) Classifying malware represented as control flow graphs using deep graph convolutional neural network. In: 2019 49th annual IEEE\/IFIP international conference on dependable systems and networks (DSN). IEEE pp 52\u201363. https:\/\/doi.org\/10.1109\/DSN.2019.00020","DOI":"10.1109\/DSN.2019.00020"},{"key":"349_CR24","doi-asserted-by":"publisher","first-page":"154290","DOI":"10.1109\/ACCESS.2019.2946594","volume":"7","author":"Z Gao","year":"2019","unstructured":"Gao Z, Feng A, Song X, Wu X (2019) Target-dependent sentiment classification with bert. IEEE Access 7:154290\u2013154299","journal-title":"IEEE Access"},{"key":"349_CR25","doi-asserted-by":"publisher","unstructured":"Oak R, Du M, Yan D, Takawale H, Amit I (2019) Malware detection on highly imbalanced data through sequence modeling. In: Proceedings of the 12th ACM Workshop on artificial intelligence and security. ACM\u00a0pp 37\u201348. https:\/\/doi.org\/10.1145\/3338501.3357374","DOI":"10.1145\/3338501.3357374"},{"issue":"5","key":"349_CR26","doi-asserted-by":"publisher","first-page":"1188","DOI":"10.1109\/TRO.2012.2197158","volume":"28","author":"D G\u00e1lvez-L\u00f3pez","year":"2012","unstructured":"G\u00e1lvez-L\u00f3pez D, Tardos JD (2012) Bags of binary words for fast place recognition in image sequences. IEEE Trans Robot 28(5):1188\u20131197","journal-title":"IEEE Trans Robot"},{"issue":"15","key":"349_CR27","doi-asserted-by":"publisher","first-page":"5883","DOI":"10.3390\/s22155883","volume":"22","author":"F Ullah","year":"2022","unstructured":"Ullah F, Ullah S, Naeem MR, Mostarda L, Rho S, Cheng X (2022) Cyber-threat detection system using a hybrid approach of transfer learning and multi-model image representation. Sensors 22(15):5883","journal-title":"Sensors"},{"key":"349_CR28","doi-asserted-by":"publisher","unstructured":"Lee WY, Saxe J, Harang R (2019) Seqdroid: Obfuscated android malware detection using stacked convolutional and recurrent neural networks. In: Deep learning applications for cyber security. Springer\u00a0pp 197\u2013210. https:\/\/doi.org\/10.1007\/978-3-030-13057-2_9","DOI":"10.1007\/978-3-030-13057-2_9"},{"issue":"2","key":"349_CR29","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1109\/TCYB.2017.2777960","volume":"49","author":"SY Yerima","year":"2018","unstructured":"Yerima SY, Sezer S (2018) Droidfusion: A novel multilevel classifier fusion approach for android malware detection. IEEE Trans Cybern 49(2):453\u2013466","journal-title":"IEEE Trans Cybern"},{"issue":"4","key":"349_CR30","doi-asserted-by":"publisher","first-page":"1533","DOI":"10.1007\/s10664-015-9401-9","volume":"21","author":"L Jonsson","year":"2016","unstructured":"Jonsson L, Borg M, Broman D, Sandahl K, Eldh S, Runeson P (2016) Automated bug assignment: Ensemble-based machine learning in large scale industrial contexts. Empir Softw Eng 21(4):1533\u20131578","journal-title":"Empir Softw Eng"},{"key":"349_CR31","doi-asserted-by":"publisher","unstructured":"Taheri L, Kadir AFA, Lashkari AH (2019) Extensible android malware detection and family classification using network-flows and api-calls. In: 2019 International Carnahan Conference on Security Technology (ICCST). IEEE pp 1\u20138. https:\/\/doi.org\/10.1109\/CCST.2019.8888430","DOI":"10.1109\/CCST.2019.8888430"}],"container-title":["Journal of Cloud Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-022-00349-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13677-022-00349-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-022-00349-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T00:54:35Z","timestamp":1701305675000},"score":1,"resource":{"primary":{"URL":"https:\/\/journalofcloudcomputing.springeropen.com\/articles\/10.1186\/s13677-022-00349-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,3]]},"references-count":31,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["349"],"URL":"https:\/\/doi.org\/10.1186\/s13677-022-00349-8","relation":{},"ISSN":["2192-113X"],"issn-type":[{"value":"2192-113X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,3]]},"assertion":[{"value":"12 September 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 October 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 November 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"75"}}