{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T15:12:32Z","timestamp":1772896352979,"version":"3.50.1"},"reference-count":31,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2022,3,28]],"date-time":"2022-03-28T00:00:00Z","timestamp":1648425600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"The Natural Science Foundation of Xinjiang Uygur Autonomous Region","award":["2019D01C062, 2019D01C041, 2019D01C205 and 2020D01C028"],"award-info":[{"award-number":["2019D01C062, 2019D01C041, 2019D01C205 and 2020D01C028"]}]},{"DOI":"10.13039\/501100001809","name":"The National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["12061071"],"award-info":[{"award-number":["12061071"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"The Higher Education of Xinjiang Uygur Autonomous Region","award":["XJEDU2020Y003, and XJEDU2019Y006"],"award-info":[{"award-number":["XJEDU2020Y003, and XJEDU2019Y006"]}]},{"name":"The Tianshan Innovation Team Plan Project of Xinjiang Uygur Autonomous Region","award":["202101642"],"award-info":[{"award-number":["202101642"]}]},{"name":"The National College Student Innovation Training Project","award":["202010755020 and 202010755021"],"award-info":[{"award-number":["202010755020 and 202010755021"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>As Android is a popular a mobile operating system, Android malware is on the rise, which poses a great threat to user privacy and security. Considering the poor detection effects of the single feature selection algorithm and the low detection efficiency of traditional machine learning methods, we propose an Android malware detection framework based on stacking ensemble learning\u2014MFDroid\u2014to identify Android malware. In this paper, we used seven feature selection algorithms to select permissions, API calls, and opcodes, and then merged the results of each feature selection algorithm to obtain a new feature set. Subsequently, we used this to train the base learner, and set the logical regression as a meta-classifier, to learn the implicit information from the output of base learners and obtain the classification results. After the evaluation, the F1-score of MFDroid reached 96.0%. Finally, we analyzed each type of feature to identify the differences between malicious and benign applications. At the end of this paper, we present some general conclusions. In recent years, malicious applications and benign applications have been similar in terms of permission requests. In other words, the model of training, only with permission, can no longer effectively or efficiently distinguish malicious applications from benign applications.<\/jats:p>","DOI":"10.3390\/s22072597","type":"journal-article","created":{"date-parts":[[2022,3,29]],"date-time":"2022-03-29T21:45:51Z","timestamp":1648590351000},"page":"2597","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["MFDroid: A Stacking Ensemble Learning Framework for Android Malware Detection"],"prefix":"10.3390","volume":"22","author":[{"given":"Xusheng","family":"Wang","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China"}]},{"given":"Linlin","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Software, Xinjiang University, Urumqi 830046, China"}]},{"given":"Kai","family":"Zhao","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China"}]},{"given":"Xuhui","family":"Ding","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0920-5411","authenticated-orcid":false,"given":"Mingming","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Software, Xinjiang University, Urumqi 830046, China"}]}],"member":"1968","published-online":{"date-parts":[[2022,3,28]]},"reference":[{"key":"ref_1","unstructured":"Statcounter (2022, January 13). Mobile Operating System Market Share Worldwide. Available online: https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide\/."},{"key":"ref_2","unstructured":"AV-Comparatives (2022, January 13). Mobile Security Review 2021. Available online: https:\/\/www.av-comparatives.org\/tests\/mobile-security-review-2021\/#google-android."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"5600","DOI":"10.1109\/TSMC.2019.2958382","article-title":"A Lightweight On-Device Detection Method for Android Malware","volume":"51","author":"Yuan","year":"2021","journal-title":"IEEE Trans.Syst. ManCybern. Syst."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1016\/j.future.2018.11.021","article-title":"A machine learning based approach to detect malicious android apps using discriminant system calls","volume":"94","author":"Vinod","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Wong, M.Y., and Lie, D. (2016, January 21\u201324). IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2016.23118"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Mcdonald, J., Herron, N., Glisson, W., and Benton, R. (2021, January 4\u20138). Machine Learning-Based Android Malware Detection Using Manifest Permissions. Proceedings of the 54th Hawaii International Conference on System Sciences, Hawaii, HI, USA.","DOI":"10.24251\/HICSS.2021.839"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., and Rieck, K. (2014, January 23\u201326). DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2014.23247"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Allix, K., Bissyand\u00e9, T.F., Klein, J., and Le Traon, Y. (2016, January 14\u201315). Androzoo: Collecting millions of android apps for the research community. Proceedings of the 13th IEEE\/ACM Working Conference on Mining Software Repositories (MSR), Austin, TX, USA.","DOI":"10.1145\/2901739.2903508"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1016\/j.inffus.2018.12.006","article-title":"Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset","volume":"52","author":"Camacho","year":"2019","journal-title":"Inf. Fusion"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","article-title":"Significant Permission Identification for Machine-Learning-Based Android Malware Detection","volume":"14","author":"Li","year":"2018","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1109\/TR.2017.2778147","article-title":"MalPat: Mining patterns of malicious and benign Android apps via permission-related APIs","volume":"67","author":"Tao","year":"2017","journal-title":"IEEE Trans. Reliab."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1016\/j.future.2020.02.002","article-title":"Intelligent mobile malware detection using permission requests and API calls","volume":"107","author":"Alazab","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"938","DOI":"10.1093\/jigpal\/jzx031","article-title":"Using Dalvik opcodes for malware detection on android","volume":"25","author":"Sanz","year":"2017","journal-title":"Logic. J. IGPL"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"102086","DOI":"10.1016\/j.cose.2020.102086","article-title":"JOWMDroid: Android malware detection based on feature weighting with joint optimization of weight-mapping and classifier parameters","volume":"100","author":"Cai","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"5183","DOI":"10.1007\/s00521-020-05309-4","article-title":"MLDroid\u2014Framework for Android malware detection using machine learning techniques","volume":"33","author":"Mahindru","year":"2021","journal-title":"Neural Comput. Appl."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Jannat, U.S., Hasnayeen, S.M., Shuhan, M.K.B., and Ferdous, M.S. (2019, January 7\u20139). Analysis and Detection of Malware in Android Applications Using Machine Learning. Proceedings of the 2019 International Conference on Electrical, Computer and Communication Engineering (ECCE), Cox\u2019s Bazar, Bangladesh.","DOI":"10.1109\/ECACE.2019.8679493"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Aboaoja, F.A., Zainal, A., Ghaleb, F.A., and Al-rimy, B.A.S. (2021, January 6\u20137). Toward an Ensemble Behavioral-based Early Evasive Malware Detection Framework. Proceedings of the 2021 International Conference on Data Science and Its Applications (ICoDSA), Bandung, Indonesia.","DOI":"10.1109\/ICoDSA53588.2021.9617489"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"984","DOI":"10.1109\/TNSE.2020.2996379","article-title":"SEDMDroid: An Enhanced Stacking Ensemble Framework for Android Malware Detection","volume":"8","author":"Zhu","year":"2021","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1016\/j.cose.2017.03.011","article-title":"PIndroid: A novel Android malware detection system using ensemble learning methods","volume":"68","author":"Idrees","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1142\/S2196888820500086","article-title":"Evaluation of Advanced Ensemble Learning Techniques for Android Malware Detection","volume":"7","author":"Rana","year":"2020","journal-title":"Vietnam. J. Comput. Sci."},{"key":"ref_21","unstructured":"VirusTotal (2022, January 13). VirusTotal: Free Online Virus, Malware and URL Scanner. Available online: https:\/\/www.virustotal.com\/."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.future.2017.04.041","article-title":"Characterizing Android apps\u2019 behavior for effective detection of malapps at large scale","volume":"75","author":"Wang","year":"2017","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Lee, J., Jang, H., Ha, S., and Yoon, Y. (2021). Android Malware Detection Using Machine Learning with Feature Selection Based on the Genetic Algorithm. Mathematics, 9.","DOI":"10.3390\/math9212813"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Fatima, A., Maurya, R., Dutta, M.K., Burget, R., and Masek, J. (2019, January 1\u20133). Android Malware Detection Using Genetic Algorithm based Optimized Feature Selection and Machine Learning. Proceedings of the 42nd International Conference on Telecommunications and Signal Processing (TSP), Budapest, Hungary.","DOI":"10.1109\/TSP.2019.8769039"},{"key":"ref_25","first-page":"181","article-title":"Android Application Analysis Using Machine Learning Techniques","volume":"151","author":"Takahashi","year":"2019","journal-title":"AI Cybersecur."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1016\/j.neucom.2018.09.077","article-title":"Theoretical foundations of forward feature selection methods based on mutual information","volume":"325","author":"Macedo","year":"2019","journal-title":"Neurocomputing"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Han, H., Lim, S., Suh, K., Park, S., Cho, S.-J., and Park, M. (2020, January 19\u201322). Enhanced android malware detection: An svm-based machine learning approach. Proceedings of the IEEE International Conference on Big Data and Smart Computing (BigComp), Busan, Korea.","DOI":"10.1109\/BigComp48618.2020.00-96"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Chen, T., and Guestrin, C. (2016, January 13\u201317). XGBoost: A Scalable Tree Boosting System. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA.","DOI":"10.1145\/2939672.2939785"},{"key":"ref_29","first-page":"3146","article-title":"Lightgbm: A highly efficient gradient boosting decision tree","volume":"30","author":"Ke","year":"2017","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_30","unstructured":"Dorogush, A.V., Ershov, V., and Gulin, A. (2018). CatBoost: Gradient boosting with categorical features support. arXiv."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Rodrigo, C., Pierre, S., Beaubrun, R., and El Khoury, F. (2021). BrainShield: A Hybrid Machine Learning-Based Malware Detection Model for Android Devices. Electronics, 10.","DOI":"10.3390\/electronics10232948"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/7\/2597\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:45:18Z","timestamp":1760136318000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/7\/2597"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,28]]},"references-count":31,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2022,4]]}},"alternative-id":["s22072597"],"URL":"https:\/\/doi.org\/10.3390\/s22072597","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,28]]}}}