{"id":"https://openalex.org/W4317830582","doi":"https://doi.org/10.1093/comjnl/bxac198","title":"Android Malware Detection in Bytecode Level Using TF-IDF and XGBoost","display_name":"Android Malware Detection in Bytecode Level Using TF-IDF and XGBoost","publication_year":2023,"publication_date":"2023-01-22","ids":{"openalex":"https://openalex.org/W4317830582","doi":"https://doi.org/10.1093/comjnl/bxac198"},"language":"en","primary_location":{"id":"doi:10.1093/comjnl/bxac198","is_oa":false,"landing_page_url":"https://doi.org/10.1093/comjnl/bxac198","pdf_url":null,"source":{"id":"https://openalex.org/S44643521","display_name":"The Computer Journal","issn_l":"0010-4620","issn":["0010-4620","1460-2067"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The Computer Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047410587","display_name":"Gokhan Ozogur","orcid":"https://orcid.org/0000-0002-8280-5368"},"institutions":[{"id":"https://openalex.org/I4210112471","display_name":"Istanbul University-Cerrahpa\u015fa","ror":"https://ror.org/01dzn5f42","country_code":"TR","type":"education","lineage":["https://openalex.org/I4210112471"]}],"countries":["TR"],"is_corresponding":true,"raw_author_name":"Gokhan Ozogur","raw_affiliation_strings":["Department of Computer Engineering, Istanbul University-Cerrahpasa , Istanbul, Turkey"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Istanbul University-Cerrahpasa , Istanbul, Turkey","institution_ids":["https://openalex.org/I4210112471"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057522130","display_name":"Mehmet Ali Ert\u00fcrk","orcid":"https://orcid.org/0000-0002-4030-1110"},"institutions":[{"id":"https://openalex.org/I67581229","display_name":"Istanbul University","ror":"https://ror.org/03a5qrr21","country_code":"TR","type":"education","lineage":["https://openalex.org/I67581229"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Mehmet Ali Erturk","raw_affiliation_strings":["Department of Transportation and Logistics, Istanbul University , Istanbul, Turkey"],"affiliations":[{"raw_affiliation_string":"Department of Transportation and Logistics, Istanbul University , Istanbul, Turkey","institution_ids":["https://openalex.org/I67581229"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028787853","display_name":"Zeynep Ayd\u0131n","orcid":"https://orcid.org/0000-0002-4125-0589"},"institutions":[{"id":"https://openalex.org/I4210112471","display_name":"Istanbul University-Cerrahpa\u015fa","ror":"https://ror.org/01dzn5f42","country_code":"TR","type":"education","lineage":["https://openalex.org/I4210112471"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Zeynep Gurkas Aydin","raw_affiliation_strings":["Department of Computer Engineering, Istanbul University-Cerrahpasa , Istanbul, Turkey"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Istanbul University-Cerrahpasa , Istanbul, Turkey","institution_ids":["https://openalex.org/I4210112471"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013726817","display_name":"Muhammed Ali Ayd\u0131n","orcid":"https://orcid.org/0000-0002-1846-6090"},"institutions":[{"id":"https://openalex.org/I4210112471","display_name":"Istanbul University-Cerrahpa\u015fa","ror":"https://ror.org/01dzn5f42","country_code":"TR","type":"education","lineage":["https://openalex.org/I4210112471"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Muhammed Ali Aydin","raw_affiliation_strings":["Department of Computer Engineering, Istanbul University-Cerrahpasa , Istanbul, Turkey"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Istanbul University-Cerrahpasa , Istanbul, Turkey","institution_ids":["https://openalex.org/I4210112471"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5047410587"],"corresponding_institution_ids":["https://openalex.org/I4210112471"],"apc_list":{"value":2635,"currency":"GBP","value_usd":3232},"apc_paid":null,"fwci":2.97,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.91829661,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"66","issue":"9","first_page":"2317","last_page":"2328"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8586975336074829},{"id":"https://openalex.org/keywords/bytecode","display_name":"Bytecode","score":0.8550214767456055},{"id":"https://openalex.org/keywords/opcode","display_name":"Opcode","score":0.75459885597229},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6811690330505371},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6732124090194702},{"id":"https://openalex.org/keywords/tf\u2013idf","display_name":"tf\u2013idf","score":0.550987958908081},{"id":"https://openalex.org/keywords/decoding-methods","display_name":"Decoding methods","score":0.5139638781547546},{"id":"https://openalex.org/keywords/boosting","display_name":"Boosting (machine learning)","score":0.4803087115287781},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.380135178565979},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3567770719528198},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.25949233770370483},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.15775471925735474},{"id":"https://openalex.org/keywords/term","display_name":"Term (time)","score":0.12317979335784912}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8586975336074829},{"id":"https://openalex.org/C2779818221","wikidata":"https://www.wikidata.org/wiki/Q837330","display_name":"Bytecode","level":3,"score":0.8550214767456055},{"id":"https://openalex.org/C52173422","wikidata":"https://www.wikidata.org/wiki/Q766483","display_name":"Opcode","level":2,"score":0.75459885597229},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6811690330505371},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6732124090194702},{"id":"https://openalex.org/C81758059","wikidata":"https://www.wikidata.org/wiki/Q796584","display_name":"tf\u2013idf","level":3,"score":0.550987958908081},{"id":"https://openalex.org/C57273362","wikidata":"https://www.wikidata.org/wiki/Q576722","display_name":"Decoding methods","level":2,"score":0.5139638781547546},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.4803087115287781},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.380135178565979},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3567770719528198},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.25949233770370483},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.15775471925735474},{"id":"https://openalex.org/C61797465","wikidata":"https://www.wikidata.org/wiki/Q1188986","display_name":"Term (time)","level":2,"score":0.12317979335784912},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1093/comjnl/bxac198","is_oa":false,"landing_page_url":"https://doi.org/10.1093/comjnl/bxac198","pdf_url":null,"source":{"id":"https://openalex.org/S44643521","display_name":"The Computer Journal","issn_l":"0010-4620","issn":["0010-4620","1460-2067"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The Computer Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W2101234009","https://openalex.org/W2295598076","https://openalex.org/W2468480579","https://openalex.org/W2744095836","https://openalex.org/W2753692828","https://openalex.org/W2789983203","https://openalex.org/W2891545356","https://openalex.org/W2904654779","https://openalex.org/W2906631928","https://openalex.org/W2915480215","https://openalex.org/W2944337987","https://openalex.org/W2964136807","https://openalex.org/W2985246627","https://openalex.org/W3141138956","https://openalex.org/W3181531606","https://openalex.org/W4252322778","https://openalex.org/W6675354045","https://openalex.org/W6678217462","https://openalex.org/W6682691769","https://openalex.org/W6719575533","https://openalex.org/W6786064292","https://openalex.org/W6792934194"],"related_works":["https://openalex.org/W4386952226","https://openalex.org/W36091977","https://openalex.org/W4382794599","https://openalex.org/W2800331776","https://openalex.org/W2903602818","https://openalex.org/W3011166791","https://openalex.org/W2003791967","https://openalex.org/W3016048014","https://openalex.org/W4294976063","https://openalex.org/W4387382577"],"abstract_inverted_index":{"Abstract":[0],"Android":[1],"is":[2,45,59,105],"the":[3,8,24,30,64,101,120,127],"dominant":[4],"operating":[5],"system":[6],"in":[7,17,23,35,50,54,112,122,173,184],"smartphone":[9],"market":[10],"and":[11,148,183],"there":[12,58,104],"exists":[13],"millions":[14],"of":[15,26,32,82],"applications":[16,27,34,121],"various":[18,68],"application":[19,71,166],"stores.":[20],"The":[21,156],"increase":[22],"number":[25],"has":[28],"necessitated":[29],"detection":[31],"malicious":[33],"a":[36,51,79,133,164,169,180],"short":[37],"time.":[38],"As":[39],"opposed":[40],"to":[41,47,62,91,109],"dynamic":[42],"analysis,":[43],"it":[44],"possible":[46],"obtain":[48],"results":[49,158],"shorter":[52],"time":[53],"static":[55],"analysis":[56],"as":[57,168],"no":[60],"need":[61],"run":[63],"applications.":[65],"However,":[66],"obtaining":[67],"information":[69],"from":[70],"packages":[72],"using":[73,135],"reverse":[74],"engineering":[75],"techniques":[76],"still":[77,106],"requires":[78],"substantial":[80],"amount":[81],"processing":[83],"power.":[84],"Although":[85],"some":[86],"attempts":[87],"have":[88],"been":[89],"made":[90],"solve":[92],"this":[93,113,116],"problem":[94],"by":[95],"analyzing":[96],"binary":[97,128],"files":[98],"without":[99,125],"decoding":[100,126],"source":[102,129],"code,":[103],"more":[107],"work":[108],"be":[110],"done":[111],"area.":[114],"In":[115],"study,":[117],"we":[118],"analyzed":[119],"bytecode":[123],"level":[124],"files.":[130],"We":[131],"proposed":[132],"model":[134,162],"Term":[136],"Frequency":[137,141],"-":[138],"Inverse":[139],"Document":[140],"(TF-IDF)":[142],"word":[143],"representation":[144],"for":[145,154],"feature":[146],"extraction":[147],"Extreme":[149],"Gradient":[150],"Boosting":[151],"(XGBoost)":[152],"method":[153],"classification.":[155],"experimental":[157],"show":[159],"that":[160],"our":[161],"classifies":[163],"given":[165],"package":[167],"malware":[170],"or":[171],"benign":[172],"2.75":[174],"s":[175,186],"with":[176,187],"99.05%":[177],"F1-score":[178,189],"on":[179,190],"balanced":[181],"dataset,":[182],"3.30":[185],"99.35%":[188],"an":[191],"imbalanced":[192],"dataset":[193],"containing":[194],"obfuscated":[195],"malwares.":[196]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-01T17:29:45.350535","created_date":"2025-10-10T00:00:00"}