Abstract
Android operating systems (OS) are popular because they are open source and easy to use. This also makes them vulnerable to various security attacks, so devices running the Android OS need a malware detection model that minimizes the risk of different malware attacks. In this research, we propose a stacking-based ensemble machine learning (ML) model that detects malware on Android devices. Four ML models, namely Support Vector Machine, CatBoost, Histogram Gradient Boosting, and Random Forest, are used to build the model. The effectiveness of the proposed model is examined on two recent datasets, CIC-MalDroid 2020 and CIC-MalMem 2022, on which it achieves an accuracy of 98.0% and 99.99%, respectively. Additionally, the proposed model outperformed some state-of-the-art models in terms of classification accuracy and other evaluation metrics.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs41870-023-01392-7/MediaObjects/41870_2023_1392_Fig1_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs41870-023-01392-7/MediaObjects/41870_2023_1392_Fig2_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs41870-023-01392-7/MediaObjects/41870_2023_1392_Fig3_HTML.png)
Data availability
Data will be available on demand.
Funding
There is no source of funding.
Ethics declarations
Conflict of interest
There is no conflict of interest.
About this article
Cite this article
Joshi, A., Kumar, S. Stacking-based ensemble model for malware detection in android devices. Int. j. inf. tecnol. 15, 2907–2915 (2023). https://doi.org/10.1007/s41870-023-01392-7
DOI: https://doi.org/10.1007/s41870-023-01392-7