{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,22]],"date-time":"2026-06-22T23:28:23Z","timestamp":1782170903361,"version":"3.54.5"},"reference-count":41,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2022,4,19]],"date-time":"2022-04-19T00:00:00Z","timestamp":1650326400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Background: security has become a major concern for smartphone users in line with the increasing use of mobile applications, which can be downloaded from unofficial sources. These applications make users vulnerable to penetration and viruses. Malicious software (malware) is unwanted software that is frequently used by cybercriminals to launch cyber-attacks. Therefore, the motive of the research was to detect malware early before infection by discovering it at the application-design level and not at the code level, where the virus will have already damaged the system. Methods: in this article, we proposed a malware detection method at the design level based on reverse engineering, the unified modeling language (UML) environment, and the web ontology language (OWL). The proposed method detected \u201cData_Send_Trojan\u201d malware by designing a UML model that simulated the structure of the malware. Then, by generating the ontology of the model, and using RDF query language (SPARQL) to create certain queries, the malware was correctly detected. In addition, we proposed a new classification of malware that was suitable for design detection. Results: the proposed method detected Trojan malware that appeared 552 times in a sample of 600 infected android application packages (APK). The experimental results showed a good performance in detecting malware at the design level with precision and recall of 92% and 91%, respectively. As the dataset increased, the accuracy of detection increased significantly, which made this methodology promising.<\/jats:p>","DOI":"10.3390\/sym14050839","type":"journal-article","created":{"date-parts":[[2022,4,20]],"date-time":"2022-04-20T00:22:43Z","timestamp":1650414163000},"page":"839","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["The Malware Detection Approach in the Design of Mobile Applications"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3496-0697","authenticated-orcid":false,"given":"Doaa","family":"Aboshady","sequence":"first","affiliation":[{"name":"Department of Mathematics, Faculty of Science, Tanta University, Tanta 31511, Egypt"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Naglaa","family":"Ghannam","sequence":"additional","affiliation":[{"name":"Department of Mathematics, Faculty of Science, Al-Azhar University (Girls Branch), Cairo 11884, Egypt"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Eman","family":"Elsayed","sequence":"additional","affiliation":[{"name":"Department of Mathematics, Faculty of Science, Al-Azhar University (Girls Branch), Cairo 11884, Egypt"},{"name":"School of Computer Science, Canadian International College (CIC), Cairo 11835, Egypt"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lamiaa","family":"Diab","sequence":"additional","affiliation":[{"name":"Department of Mathematics, Faculty of Science, Al-Azhar University (Girls Branch), Cairo 11884, Egypt"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2022,4,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"e212","DOI":"10.7717\/peerj-cs.212","article-title":"Reverse engineering approach for improving the quality of mobile applications","volume":"5","author":"Elsayed","year":"2019","journal-title":"PeerJ Comput. Sci."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"187384","DOI":"10.1109\/ACCESS.2020.3031189","article-title":"An Overview of Design Patterns for Self-Adaptive Systems in the Context of the Internet of Things","volume":"8","author":"Krupitzer","year":"2020","journal-title":"IEEE Access"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1514","DOI":"10.1021\/acssynbio.0c00129","article-title":"Biosystems Design by Machine Learning","volume":"9","author":"Volk","year":"2020","journal-title":"ACS Synth. Biol."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"837","DOI":"10.1080\/0144929X.2019.1622786","article-title":"Older adults\u2019 use of mobile device: Usability challenges while navigating various interfaces","volume":"39","author":"Li","year":"2019","journal-title":"Behav. Inf. Technol."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10664-020-09900-0","article-title":"Investigating design anti-pattern and design pattern mutations and their change- and fault-proneness","volume":"26","author":"Kermansaravi","year":"2021","journal-title":"Empir. Softw. Eng."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1108\/ICS-11-2019-0130","article-title":"Incorporating the human facet of security in developing systems and services","volume":"29","author":"Naqvi","year":"2021","journal-title":"Inf. Comput. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"e1978","DOI":"10.1002\/smr.1978","article-title":"An exploratory study on the evolution of Android malware quality","volume":"30","author":"Mercaldo","year":"2018","journal-title":"J. Softw. Evol. Process"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"3289","DOI":"10.1007\/s13369-020-04365-1","article-title":"Recovering Android Bad Smells from Android Applications","volume":"45","author":"Rasool","year":"2020","journal-title":"Arab. J. Sci. Eng."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1191","DOI":"10.1007\/s10270-020-00781-x","article-title":"A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements","volume":"19","author":"Ramadan","year":"2020","journal-title":"Softw. Syst. Model."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"106278","DOI":"10.1016\/j.infsof.2020.106278","article-title":"A large scale empirical study of the impact of Spaghetti Code and Blob anti-patterns on program comprehension","volume":"122","author":"Politowski","year":"2020","journal-title":"Inf. Softw. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1241","DOI":"10.1007\/s11280-019-00755-0","article-title":"A multiview learning method for malware threat hunting: Windows, IoT and android as case studies","volume":"23","author":"Darabian","year":"2020","journal-title":"World Wide Web"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3403943","article-title":"Hardware Performance Counter-Based Fine-Grained Malware Detection","volume":"19","author":"Kadiyala","year":"2020","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"101775","DOI":"10.1016\/j.cose.2020.101775","article-title":"Optimizing symbolic execution for malware behavior classification","volume":"93","author":"Sebastio","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Maevsky, D.A., Maevskaya, E.J., Stetsuyk, E.D., and Shapa, L.N. (2017). Malicious Software Effect on the Mobile Devices Power Consumption. Structural Equation Modelling, Springer Science and Business Media LLC.","DOI":"10.1007\/978-3-319-55595-9_8"},{"key":"ref_15","first-page":"299","article-title":"DroidMD: An efficient and scalable Android malware detection approach at source code level","volume":"15","author":"Akram","year":"2021","journal-title":"Int. J. Inf. Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1016\/j.future.2021.11.005","article-title":"Android malware obfuscation variants detection method based on multi-granularity opcode features","volume":"129","author":"Tang","year":"2021","journal-title":"Futur. Gener. Comput. Syst."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1016\/j.future.2021.06.032","article-title":"Visualization and deep-learning-based malware variant detection using OpCode-level features","volume":"125","author":"Darem","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"106729","DOI":"10.1016\/j.compeleceng.2020.106729","article-title":"Improving malware detection using big data and ensemble learning","volume":"86","author":"Gupta","year":"2020","journal-title":"Comput. Electr. Eng."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"102098","DOI":"10.1016\/j.adhoc.2020.102098","article-title":"End-to-end malware detection for android IoT devices using deep learning","volume":"101","author":"Ren","year":"2020","journal-title":"Ad Hoc Netw."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Wressnegger, C., Freeman, K., Yamaguchi, F., and Rieck, K. (2017, January 2\u20136). Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates.","DOI":"10.1145\/3052973.3053002"},{"key":"ref_21","first-page":"102828","article-title":"Malware classification and composition analysis: A survey of recent developments","volume":"59","author":"Abusitta","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"90102","DOI":"10.1109\/ACCESS.2021.3090998","article-title":"Classification and Analysis of Android Malware Images Using Feature Fusion Technique","volume":"9","author":"Singh","year":"2021","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1007\/s11416-021-00387-x","article-title":"Malware detection and classification using community detection and social network analysis","volume":"17","author":"Reddy","year":"2021","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1109\/MSP.2007.45","article-title":"Toward Automated Dynamic Malware Analysis Using CWSandbox","volume":"5","author":"Willems","year":"2007","journal-title":"IEEE Secur. Priv."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"113022","DOI":"10.1016\/j.eswa.2019.113022","article-title":"Detecting malware evolution using support vector machines","volume":"143","author":"Wadkar","year":"2020","journal-title":"Expert Syst. Appl."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Paul, S., and Stamp, M. (2021). Word Embedding Techniques for Malware Evolution Detection. Malware Analysis Using Artificial Intelligence and Deep Learning, Springer Science and Business Media LLC.","DOI":"10.1007\/978-3-030-62582-5_12"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Sharma, N., and Arora, B. (2020). Data Mining and Machine Learning Techniques for Malware Detection. Advances in Intelligent Systems and Computing, Springer Science and Business Media LLC.","DOI":"10.1007\/978-981-15-6014-9_66"},{"key":"ref_28","first-page":"1","article-title":"Detecting Malware with an Ensemble Method Based on Deep Neural Network","volume":"2018","author":"Yan","year":"2018","journal-title":"Secur. Commun. Netw."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"3035","DOI":"10.1007\/s12652-018-0803-6","article-title":"Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network","volume":"10","author":"Wang","year":"2019","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"e346","DOI":"10.7717\/peerj-cs.346","article-title":"Data augmentation based malware detection using convolutional neural networks","volume":"7","author":"Catak","year":"2021","journal-title":"PeerJ Comput. Sci."},{"key":"ref_31","unstructured":"Brown, W.H., Malveau, R.C., McCormick, H.W., and Mowbray, T.J. (1998). AntiPatterns: Refactoring Software, Architectures, and Projects in Crisis, John Wiley & Sons, Inc."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Mann, C. (2007). Object-Oriented Metrics in Practice: Using Software Metrics to Characterize, Evaluate, and Improve the Design of Object-Oriented Systems. Kybernetes, 36.","DOI":"10.1108\/k.2007.06736eae.001"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/TSE.2009.50","article-title":"DECOR: A Method for the Specification and Detection of Code and Design Smells","volume":"36","author":"Moha","year":"2010","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_34","unstructured":"Van Emden, E., and Moonen, L. (November, January 29). Java quality assurance by detecting code smells. Proceedings of the Ninth Working Conference on Reverse Engineering, Richmond, VA, USA."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"9041","DOI":"10.1016\/j.eswa.2012.02.049","article-title":"Enhancing ontology-based antipattern detection using Bayesian networks","volume":"39","author":"Settas","year":"2012","journal-title":"Expert Syst. Appl."},{"key":"ref_36","first-page":"25","article-title":"Metric Method for Long Life Semantic Applications","volume":"12","author":"Elsayed","year":"2019","journal-title":"Int. J. Intell. Eng. Syst."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"El-Dahshan, K.A., Elsayed, E.K., and Ghannam, N.E. (2019, January 9\u201312). Comparative Study for Detecting Mobile Application\u2019s Anti-Patterns. Proceedings of the 2019 8th International Conference on Software and Information Engineering, Cairo, Egypt.","DOI":"10.1145\/3328833.3328834"},{"key":"ref_38","unstructured":"Svensson, R., Tatrous, A., and Palma, F. Defining Design Patterns for IoT APIs. Proceedings of the Communications in Computer and Information Science."},{"key":"ref_39","first-page":"1","article-title":"Towards a systematic description of the field using bibliometric analysis: Malware evolution","volume":"9","author":"Mat","year":"2021","journal-title":"Scientometrics"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Mahdavifar, S., Kadir, A.F.A., Fatemi, R., Alhadidi, D., and Ghorbani, A.A. (2020, January 17\u201324). Dynamic Android Malware Category Classification using Semi-Supervised Deep Learning. Proceedings of the 18th IEEE International Conference on Dependable, Autonomic, and Secure Computing (DASC), Calgary, AB, Canada. Available online: https:\/\/www.unb.ca\/cic\/datasets\/maldroid-2020.html.","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00094"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Jia, Z., Yao, Y., Wang, Q., Wang, X., Liu, B., and Jiang, Z. (2021). Trojan Traffic Detection Based on Meta-learning. Proceedings of the Swarm, Evolutionary, and Memetic Computing, Springer Science and Business Media LLC.","DOI":"10.1007\/978-3-030-77964-1_14"}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/5\/839\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:56:20Z","timestamp":1760136980000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/5\/839"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,19]]},"references-count":41,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2022,5]]}},"alternative-id":["sym14050839"],"URL":"https:\/\/doi.org\/10.3390\/sym14050839","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,19]]}}}