{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T18:31:23Z","timestamp":1777660283752,"version":"3.51.4"},"reference-count":56,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2021,2,10]],"date-time":"2021-02-10T00:00:00Z","timestamp":1612915200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Informatics"],"abstract":"<jats:p>In this Internet age, there are increasingly many threats to the security and safety of users daily. One of such threats is malicious software otherwise known as malware (ransomware, Trojans, viruses, etc.). The effect of this threat can lead to loss or malicious replacement of important information (such as bank account details, etc.). Malware creators have been able to bypass traditional methods of malware detection, which can be time-consuming and unreliable for unknown malware. This motivates the need for intelligent ways to detect malware, especially new malware which have not been evaluated or studied before. Machine learning provides an intelligent way to detect malware and comprises two stages: feature extraction and classification. This study suggests an ensemble learning-based method for malware detection. The base stage classification is done by a stacked ensemble of fully-connected and one-dimensional convolutional neural networks (CNNs), whereas the end-stage classification is done by a machine learning algorithm. For a meta-learner, we analyzed and compared 15 machine learning classifiers. For comparison, five machine learning algorithms were used: na\u00efve Bayes, decision tree, random forest, gradient boosting, and AdaBoosting. The results of experiments made on the Windows Portable Executable (PE) malware dataset are presented. The best results were obtained by an ensemble of seven neural networks and the ExtraTrees classifier as a final-stage classifier.<\/jats:p>","DOI":"10.3390\/informatics8010010","type":"journal-article","created":{"date-parts":[[2021,2,12]],"date-time":"2021-02-12T16:12:10Z","timestamp":1613146330000},"page":"10","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":84,"title":["Windows PE Malware Detection Using Ensemble Learning"],"prefix":"10.3390","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1475-2612","authenticated-orcid":false,"given":"Nureni Ayofe","family":"Azeez","sequence":"first","affiliation":[{"name":"Department of Computer Sciences, Faculty of Science, University of Lagos, Lagos 100001, Nigeria"}]},{"given":"Oluwanifise Ebunoluwa","family":"Odufuwa","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Faculty of Science, University of Lagos, Lagos 100001, Nigeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3556-9331","authenticated-orcid":false,"given":"Sanjay","family":"Misra","sequence":"additional","affiliation":[{"name":"Center of ICT\/ICE Research, CUCRID, Covenant University, Ota 112212, Nigeria"},{"name":"Department of Computer Engineering, Atilim University, Ankara 06830, Turkey"}]},{"given":"Jonathan","family":"Oluranti","sequence":"additional","affiliation":[{"name":"Center of ICT\/ICE Research, CUCRID, Covenant University, Ota 112212, Nigeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9990-1084","authenticated-orcid":false,"given":"Robertas","family":"Dama\u0161evi\u010dius","sequence":"additional","affiliation":[{"name":"Department of Applied Informatics, Vytautas Magnus University, 44404 Kaunas, Lithuania"}]}],"member":"1968","published-online":{"date-parts":[[2021,2,10]]},"reference":[{"key":"ref_1","unstructured":"International Telecommunication Union (2019, November 20). Statistics. Available online: https:\/\/www.itu.int\/en\/ITU-D\/Statistics\/Pages\/publications\/yb2018.aspx."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Namanya, A.P., Cullen, A., Awan, I.U., and Disso, J.P. (2018, January 6\u20138). The World of Malware: An Overview. Proceedings of the IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud 2018), Barcelona, Spain.","DOI":"10.1109\/FiCloud.2018.00067"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"102526","DOI":"10.1016\/j.jnca.2019.102526","article-title":"The rise of machine learning for detection and classification of malware: Research developments, trends and challenges","volume":"153","author":"Gilbert","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/978-981-15-0372-6_17","article-title":"An experimental approach to unravel effects of malware on system network interface","volume":"Volume 612","author":"Subairu","year":"2020","journal-title":"Advances in Data Sciences, Security and Applications"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1504\/IJESDF.2020.106318","article-title":"Identifying phishing attacks in communication networks using URL consistency features","volume":"12","author":"Azeez","year":"2020","journal-title":"Int. J. Electron. Secur. Digit. Forensics"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Yong, B., Wei, W., Li, K., Shen, J., Zhou, Q., Wozniak, M., and Dama\u0161evi\u010dius, R. (2020). Ensemble machine learning approaches for webshell detection in internet of things environments. Trans. Emerg. Telecommun. Technol.","DOI":"10.1002\/ett.4085"},{"key":"ref_7","first-page":"39","article-title":"Algorithm research of known-plaintext attack on double random phase mask based on WSNs","volume":"20","author":"Wei","year":"2019","journal-title":"J. Internet Technol."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1007\/s11416-015-0247-x","article-title":"Network malware classification comparison using dpi and flow packet headers","volume":"12","author":"Boukhtouta","year":"2016","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"153","DOI":"10.25073\/jaec.201712.64","article-title":"Malware Detection Based on Multiple PE Headers Identification and Optimization for Specific Types of Files","volume":"1","author":"Zatloukal","year":"2017","journal-title":"J. Adv. Eng. Comput."},{"key":"ref_10","first-page":"255","article-title":"Android malware detection: A survey","volume":"Volume 942","author":"Odusami","year":"2018","journal-title":"Applied Informatics. ICAI 2018"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3003816","article-title":"On the security of machine learning in malware detection: A survey","volume":"49","author":"Gardiner","year":"2016","journal-title":"ACM Comput. Surv."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3073559","article-title":"A survey on malware detection using data mining techniques","volume":"50","author":"Ye","year":"2017","journal-title":"ACM Comput. Surv."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1186\/s13673-018-0125-x","article-title":"A state-of-the-art survey of malware detection approaches using data mining techniques","volume":"8","author":"Souri","year":"2018","journal-title":"Hum. Centric Comput. Inf. Sci."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","article-title":"Survey of machine learning techniques for malware analysis","volume":"81","author":"Ucci","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_15","first-page":"336","article-title":"Signature Generation and Detection of Malware Families","volume":"Volume 5107","author":"Mu","year":"2008","journal-title":"Information Security and Privacy, Proceedings of the Australasian Conference on Information Security and Privacy, ACISP 2008, Wollongong, Australia, 7\u20139 July 2008"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1016\/j.eswa.2019.04.064","article-title":"A multi-level deep learning system for malware detection","volume":"133","author":"Zhong","year":"2019","journal-title":"Expert Syst. Appl."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"46717","DOI":"10.1109\/ACCESS.2019.2906934","article-title":"Robust intelligent malware detection using deep learning","volume":"7","author":"Vinayakumar","year":"2019","journal-title":"IEEE Access"},{"key":"ref_18","first-page":"377","article-title":"A hybrid deep learning image-based analysis for effective malware detection","volume":"47","author":"Venkatraman","year":"2019","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Lu, T., Du, Y., Ouyang, L., Chen, Q., and Wang, X. (2020). Android malware detection based on a hybrid deep learning model. Secur. Commun. Netw.","DOI":"10.1155\/2020\/8863617"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"420","DOI":"10.1016\/j.ins.2020.08.082","article-title":"AI-HydRa: Advanced hybrid approach using random forest and deep learning for malware classification","volume":"546","author":"Yoo","year":"2021","journal-title":"Inf. Sci."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Nisa, M., Shah, J.H., Kanwal, S., Raza, M., Khan, M.A., Dama\u0161evi\u010dius, R., and Bla\u017eauskas, T. (2020). Hybrid malware classification method using segmentation-based fractal texture analysis and deep convolution neural network features. Appl. Sci., 10.","DOI":"10.3390\/app10144966"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Bazrafshan, Z., Hashemi, H., Fard, S.M.H., and Hamzeh, A. (2013, January 28\u201330). A survey on heuristic malware detection techniques. Proceedings of the 5th Conference on Information and Knowledge Technology (IKT), Shiraz, Iran.","DOI":"10.1109\/IKT.2013.6620049"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Rathore, H., Agarwal, S., Sahay, S., and Sewak, M. (2019, January 17\u201320). Malware Detection using Machine Learning and Deep Learning. Proceedings of the International Conference of Big Data Analytics, Goa, India.","DOI":"10.1007\/978-3-030-04780-1_28"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Lee, Y.-S., Lee, J.-U., and Soh, W.-Y. (2018, January 2\u20134). Trend of Malware Detection Using Deep Learning. Proceedings of the 2nd International Conference on Education and Multimedia Technology, Okinawa, Japan.","DOI":"10.1145\/3206129.3239430"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Pluskal, O. (2015, January 9\u201312). Behavioural malware detection using efficient SVM implementation. Proceedings of the Conference on Research in Adaptive and Convergent Systems\u2014RACS, Prague, Czech Republic.","DOI":"10.1145\/2811411.2811516"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Cakir, B., and Dogdu, E. (2018, January 29\u201331). Malware classification using deep learning methods. Proceedings of the ACMSE 2018 Conference on\u2014ACMSE \u201918, Richmond, KY, USA.","DOI":"10.1145\/3190645.3190692"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"102098","DOI":"10.1016\/j.adhoc.2020.102098","article-title":"End-to-end malware detection for android IoT devices using deep learning","volume":"101","author":"Ren","year":"2020","journal-title":"Ad Hoc Netw."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1007\/s00521-017-3077-6","article-title":"Malware detection based on deep learning algorithm","volume":"31","author":"Yuxin","year":"2019","journal-title":"Neural Comput. Appl."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"101792","DOI":"10.1016\/j.cose.2020.101792","article-title":"AMalNet: A deep learning framework based on graph convolutional networks for malware detection","volume":"93","author":"Pei","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"\u010ceponis, D., and Goranin, N. (2020). Investigation of dual-flow deep learning models LSTM-FCN and GRU-FCN efficiency against single-flow CNN models for the host-based intrusion and malware detection task on univariate times series data. Appl. Sci., 10.","DOI":"10.3390\/app10072373"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/s11265-020-01588-1","article-title":"A method for windows malware detection based on deep learning","volume":"93","author":"Huang","year":"2021","journal-title":"J. Signal Process. Syst."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"158820","DOI":"10.1109\/ACCESS.2019.2945545","article-title":"Comprehensive Review of Artificial Neural Network Applications to Pattern Recognition","volume":"7","author":"Abiodun","year":"2019","journal-title":"IEEE Access"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"112588","DOI":"10.1109\/ACCESS.2019.2934012","article-title":"SMASH: A malware detection method based on multi-feature ensemble learning","volume":"7","author":"Dai","year":"2019","journal-title":"IEEE Access"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"620","DOI":"10.1109\/TDSC.2018.2801858","article-title":"EnsembleHMD: Accurate hardware malware detectors with specialized ensemble classifiers","volume":"17","author":"Khasawneh","year":"2018","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"3886","DOI":"10.1109\/TIFS.2020.3003571","article-title":"Adversarial deep ensemble: Evasion attacks and defenses for malware detection","volume":"15","author":"Li","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Xue, D., Li, J., Wu, W., Tian, Q., and Wang, J. (2019). Homology analysis of malware based on ensemble learning and multifeatures. PLoS ONE, 14.","DOI":"10.1371\/journal.pone.0223679"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Zhang, J., Gao, C., Gong, L., Gu, Z., Man, D., Yang, W., and Li, W. (2020). Malware detection based on multi-level and dynamic multi-feature using ensemble learning at hypervisor. Mobile Netw. Appl.","DOI":"10.1007\/s11036-019-01503-4"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"463","DOI":"10.1109\/TSMCC.2011.2161285","article-title":"A review on ensembles for the class imbalance problem: Bagging-, boosting-, and hybrid-based approaches","volume":"42","author":"Galar","year":"2012","journal-title":"IEEE Trans. Syst. Man Cybern. Part C Appl. Rev."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Sagi, O., and Rokach, L. (2018). Ensemble learning: A survey. Wiley Interdiscip. Rev. Data Min. Knowl. Discov., 8.","DOI":"10.1002\/widm.1249"},{"key":"ref_40","first-page":"18","article-title":"Malware detection based on source data using data mining: A survey","volume":"3","author":"Basu","year":"2016","journal-title":"Am. J. Adv. Comput."},{"key":"ref_41","first-page":"562","article-title":"The optimality of naive bayes","volume":"Volume 2","author":"Zhang","year":"2004","journal-title":"Proceedings of the Seventeenth International Florida Artificial Intelligence Research Society Conference, FLAIRS 2004"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1007\/BF00116251","article-title":"Induction of decision trees","volume":"1","author":"Quinlan","year":"1986","journal-title":"Mach. Learn."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random forests","volume":"45","author":"Breiman","year":"2001","journal-title":"Mach. Learn."},{"key":"ref_44","unstructured":"R\u00e4tsch, G., Onoda, T., and M\u00fcller, K.R. (1999). Regularizing AdaBoost. Advances in Neural Information Processing Systems, MIT Press."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1214\/aos\/1013203451","article-title":"Greedy function approximation: A gradient boosting machine","volume":"29","author":"Friedman","year":"2001","journal-title":"Ann. Stat."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Van der Laan, M.J., Polley, E.C., and Hubbard, A.E. (2007). Super Learner. Stat. Appl. Genet. Mol. Biol., 6.","DOI":"10.2202\/1544-6115.1309"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s10994-006-6226-1","article-title":"Extremely Randomized Trees","volume":"63","author":"Geurts","year":"2006","journal-title":"Mach. Learn."},{"key":"ref_48","first-page":"551","article-title":"Online Passive-Aggressive Algorithms","volume":"7","author":"Crammer","year":"2006","journal-title":"J. Mach. Learn. Res."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Azmee, A.B.M., Protim, P., Aosaful, M., Dutta, O., and Iqbal, M. (2020). Performance Analysis of Machine Learning Classifiers for Detecting PE Malware. Int. J. Adv. Comput. Sci. Appl., 11.","DOI":"10.14569\/IJACSA.2020.0110163"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1109\/TST.2016.7399288","article-title":"Droiddetector: Android malware characterization and detection using deep learning","volume":"21","author":"Yuan","year":"2016","journal-title":"Tsinghua Sci. Technol."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"McLaughlin, N., Martinez del Rincon, J., Kang, B., Yerima, S., Miller, P., Sezer, S., Safaei, Y., Trickel, E., Zhao, Z., and Doupe, A. (2017, January 22\u201324). Deep android malware detection. Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy, CODASPY 2017, Scottsdale, AZ, USA.","DOI":"10.1145\/3029806.3029823"},{"key":"ref_52","unstructured":"Karbab, E.B., Debbabi, M., Derhab, A., and Mouheb, D. (2017). Android malware detection using deep learning on api method sequences. arXiv."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Song, S., and Tong, Y. (2016). DroidDelver: An Android Malware Detection System Using Deep Belief Network Based on API Call Blocks. Web-Age Information Management, Springer.","DOI":"10.1007\/978-3-319-47121-1"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Hou, S., Saas, A., Chen, L., Ye, Y., and Bourlai, T. (August, January 13). Deep neural networks for automatic android malware detection. Proceedings of the 2017 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining, Sydney, Australia.","DOI":"10.1145\/3110025.3116211"},{"key":"ref_55","unstructured":"Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., and Nicholas, C.K. (2018, January 2\u20137). Malware detection by eating a whole EXE. Proceedings of the Workshops of the Thirty-Second AAAI Conference on Artificial Intelligence, New Orleans, LA, USA."},{"key":"ref_56","unstructured":"Kr\u010d\u00e1l, M., \u0160vec, O., B\u00e1lek, M., and Ja\u0161ek, O. (May, January 30). Deep convolutional malware classifiers can learn from raw executables and labels only. Proceedings of the 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada."}],"container-title":["Informatics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2227-9709\/8\/1\/10\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:22:41Z","timestamp":1760160161000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2227-9709\/8\/1\/10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,10]]},"references-count":56,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,3]]}},"alternative-id":["informatics8010010"],"URL":"https:\/\/doi.org\/10.3390\/informatics8010010","relation":{},"ISSN":["2227-9709"],"issn-type":[{"value":"2227-9709","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,10]]}}}