{"id":"https://openalex.org/W4411336750","doi":"https://doi.org/10.1109/access.2025.3579880","title":"OPTISTACK: A Hybrid Ensemble Learning and XAI-Based Approach for Malware Detection in Compressed Files","display_name":"OPTISTACK: A Hybrid Ensemble Learning and XAI-Based Approach for Malware Detection in Compressed Files","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4411336750","doi":"https://doi.org/10.1109/access.2025.3579880"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3579880","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3579880","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3579880","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107266965","display_name":"Khaled Mahmud Sujon","orcid":null},"institutions":[{"id":"https://openalex.org/I4576418","display_name":"University of Technology Malaysia","ror":"https://ror.org/026w31v75","country_code":"MY","type":"education","lineage":["https://openalex.org/I4576418"]}],"countries":["MY"],"is_corresponding":true,"raw_author_name":"Khaled Mahmud Sujon","raw_affiliation_strings":["Department of Software Engineering, Faculty of Computing, Universiti Teknologi Malaysia (UTM), Johor Bahru, Johor, Malaysia"],"raw_orcid":"https://orcid.org/0009-0009-4065-9874","affiliations":[{"raw_affiliation_string":"Department of Software Engineering, Faculty of Computing, Universiti Teknologi Malaysia (UTM), Johor Bahru, Johor, Malaysia","institution_ids":["https://openalex.org/I4576418"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046054978","display_name":"R. Hassan","orcid":"https://orcid.org/0000-0003-1062-1719"},"institutions":[{"id":"https://openalex.org/I4210089915","display_name":"Newcastle University Medicine Malaysia","ror":"https://ror.org/009e9eq52","country_code":"MY","type":"education","lineage":["https://openalex.org/I4210089915"]},{"id":"https://openalex.org/I4576418","display_name":"University of Technology Malaysia","ror":"https://ror.org/026w31v75","country_code":"MY","type":"education","lineage":["https://openalex.org/I4576418"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Rohayanti Binti Hassan","raw_affiliation_strings":["Faculty of Computing, UTM, Johor Bahru, Johor, Malaysia","Faculty of Computing, Universiti Teknologi Malaysia (UTM), Johor Bahru, Johor, Malaysia"],"raw_orcid":"https://orcid.org/0000-0003-1062-1719","affiliations":[{"raw_affiliation_string":"Faculty of Computing, UTM, Johor Bahru, Johor, Malaysia","institution_ids":["https://openalex.org/I4210089915","https://openalex.org/I4576418"]},{"raw_affiliation_string":"Faculty of Computing, Universiti Teknologi Malaysia (UTM), Johor Bahru, Johor, Malaysia","institution_ids":["https://openalex.org/I4576418"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009252576","display_name":"M. Abdullah\u2010Al\u2010Wadud","orcid":"https://orcid.org/0000-0001-6767-3574"},"institutions":[{"id":"https://openalex.org/I28022161","display_name":"King Saud University","ror":"https://ror.org/02f81g417","country_code":"SA","type":"education","lineage":["https://openalex.org/I28022161"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"M. Abdullah-Al-Wadud","raw_affiliation_strings":["Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-6767-3574","affiliations":[{"raw_affiliation_string":"Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia","institution_ids":["https://openalex.org/I28022161"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036848523","display_name":"Jia Uddin","orcid":"https://orcid.org/0000-0002-3403-4095"},"institutions":[{"id":"https://openalex.org/I85389745","display_name":"Woosong University","ror":"https://ror.org/02srty072","country_code":"KR","type":"education","lineage":["https://openalex.org/I85389745"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jia Uddin","raw_affiliation_strings":["Artificial Intelligence and Big Data Department, Woosong University, Daejeon, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-3403-4095","affiliations":[{"raw_affiliation_string":"Artificial Intelligence and Big Data Department, Woosong University, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I85389745"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5107266965"],"corresponding_institution_ids":["https://openalex.org/I4576418"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.14429359,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"104992","last_page":"105026"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9891999959945679,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.829015851020813},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7939709424972534},{"id":"https://openalex.org/keywords/ensemble-learning","display_name":"Ensemble learning","score":0.5565007925033569},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4456150531768799},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.39605221152305603},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3449755311012268},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3374766409397125},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1612737774848938}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.829015851020813},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7939709424972534},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.5565007925033569},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4456150531768799},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39605221152305603},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3449755311012268},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3374766409397125},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1612737774848938}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3579880","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3579880","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:9916fa786f5f43c2a7f26dd4eaedb2a8","is_oa":true,"landing_page_url":"https://doaj.org/article/9916fa786f5f43c2a7f26dd4eaedb2a8","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 104992-105026 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3579880","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3579880","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2034217079","display_name":null,"funder_award_id":"ORF-2025-951","funder_id":"https://openalex.org/F4320321145","funder_display_name":"King Saud University"}],"funders":[{"id":"https://openalex.org/F4320321145","display_name":"King Saud University","ror":"https://ror.org/02f81g417"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W2923724895","https://openalex.org/W2942799786","https://openalex.org/W2962912862","https://openalex.org/W2990518194","https://openalex.org/W2993999308","https://openalex.org/W3018447310","https://openalex.org/W3039528609","https://openalex.org/W3082741490","https://openalex.org/W3090046868","https://openalex.org/W3105870453","https://openalex.org/W3128652290","https://openalex.org/W3149815788","https://openalex.org/W3153242163","https://openalex.org/W3175671845","https://openalex.org/W3198518634","https://openalex.org/W3210290546","https://openalex.org/W3213292390","https://openalex.org/W4206967005","https://openalex.org/W4211041918","https://openalex.org/W4211215775","https://openalex.org/W4223971849","https://openalex.org/W4224981464","https://openalex.org/W4285073135","https://openalex.org/W4307134482","https://openalex.org/W4309378792","https://openalex.org/W4312470813","https://openalex.org/W4315486917","https://openalex.org/W4315750401","https://openalex.org/W4376587718","https://openalex.org/W4379381585","https://openalex.org/W4382935143","https://openalex.org/W4384949195","https://openalex.org/W4385570601","https://openalex.org/W4388107905","https://openalex.org/W4390572779","https://openalex.org/W4399181320","https://openalex.org/W4399529934","https://openalex.org/W4401050668","https://openalex.org/W4401764658","https://openalex.org/W4402352842","https://openalex.org/W4402568971","https://openalex.org/W4402594867","https://openalex.org/W4405022532","https://openalex.org/W4406292516","https://openalex.org/W4410198342","https://openalex.org/W6838792682","https://openalex.org/W6851214807"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W4376643315","https://openalex.org/W4324137541","https://openalex.org/W2900445707","https://openalex.org/W4285741730","https://openalex.org/W1191482210","https://openalex.org/W4285046548"],"abstract_inverted_index":{"The":[0],"increasing":[1],"reliance":[2],"on":[3,185],"compressed":[4,44,150,181,313],"file":[5,45,314],"formats":[6,46],"for":[7,17,177,309],"data":[8],"storage":[9],"and":[10,78,108,138,142,168,204,219,231,250,281,296,306],"transmission":[11],"has":[12,33],"made":[13],"them":[14],"attractive":[15],"vectors":[16],"malware":[18,39,178,311],"propagation,":[19],"as":[20,111,261,283],"their":[21,82,244],"structural":[22],"complexity":[23],"enables":[24],"evasion":[25],"of":[26,64,155],"conventional":[27],"detection":[28,179],"mechanisms.":[29],"Although":[30],"entropy-based":[31,125],"analysis":[32,224,254,277],"been":[34],"widely":[35],"applied":[36],"in":[37,85,149,180,229,240,247,312,318],"executable":[38],"detection,":[40],"its":[41],"application":[42],"to":[43,55,59,163,237],"remains":[47],"underexplored.":[48],"Moreover,":[49],"existing":[50,319],"approaches":[51],"are":[52],"predominantly":[53],"limited":[54,76],"Shannon":[56],"entropy,":[57,137],"failing":[58],"exploit":[60],"the":[61,153,160,186,257,262,284],"discriminative":[62],"power":[63],"higher-order":[65,165],"statistical":[66,147],"metrics.":[67],"Additionally,":[68,269],"standalone":[69],"machine":[70],"learning":[71],"models":[72],"often":[73],"suffer":[74],"from":[75],"generalizability":[77],"lack":[79],"interpretability,":[80],"hindering":[81],"real-world":[83],"deployment":[84],"security-critical":[86],"systems.":[87],"To":[88,152],"address":[89],"these":[90],"challenges,":[91],"we":[92,270],"propose":[93],"OPTISTACK,":[94],"a":[95,115,173,303],"novel":[96],"stacking":[97,174,290],"ensemble":[98,175,291],"framework":[99,308],"that":[100,206,226,278],"integrates":[101],"Random":[102],"Forest":[103],"(RF),":[104],"Decision":[105],"Tree":[106],"(DT),":[107],"XGBoost":[109],"(XGB)":[110],"base":[112],"learners":[113],"with":[114],"Logistic":[116],"Regression":[117],"(LR)":[118],"meta-classifier.":[119],"Our":[120,222],"model":[121,176,248],"leverages":[122],"an":[123,272],"advanced":[124,293],"feature":[126,265],"space\u2014including":[127],"R\u00e9nyi":[128],"entropy":[129,140,166,170,234,260,273,294],"(with":[130],"\u03b1":[131],"=":[132],"2,":[133],"4,":[134],"6),":[135],"mean":[136],"quartile-based":[139],"(25th":[141],"75th":[143,232],"percentiles)\u2014to":[144],"capture":[145],"fine-grained":[146],"variations":[148,228],"data.":[151],"best":[154],"our":[156],"knowledge,":[157],"this":[158],"is":[159],"first":[161],"study":[162],"integrate":[164],"metrics":[167],"distributional":[169],"features":[171],"into":[172],"files.":[182],"Extensive":[183],"evaluation":[184],"NapierOne":[187],"dataset,":[188],"spanning":[189],"six":[190],"prevalent":[191],"compression":[192],"formats\u2014ZIP,":[193],"7ZIP,":[194],"GZIP":[195],"(GNU":[196],"Zip),":[197],"RAR":[198,282],"(Roshal":[199],"Archive),":[200,203],"TAR":[201],"(Tape":[202],"ZLIB\u2014demonstrates":[205],"OPTISTACK":[207,301],"significantly":[208],"outperforms":[209],"traditional":[210],"models,":[211],"achieving":[212],"99.45%":[213],"accuracy,":[214],"99.62%":[215],"F1-score,":[216],"98.80%":[217],"MCC,":[218],"94.11%":[220],"AUC-ROC.":[221],"PDP-ICE":[223],"reveals":[225,279],"minor":[227],"25th":[230,258],"quartile":[233,259],"values":[235],"lead":[236],"substantial":[238],"shifts":[239],"classification":[241],"probabilities,":[242],"underscoring":[243],"critical":[245],"role":[246],"sensitivity":[249],"robustness.":[251],"SHAP-based":[252],"interpretability":[253],"further":[255],"identifies":[256],"most":[263,285],"influential":[264],"across":[266],"all":[267],"models.":[268],"introduce":[271],"network":[274],"graph-based":[275],"vulnerability":[276],"ZIP":[280],"malware-prone":[286],"formats.":[287],"By":[288],"combining":[289],"learning,":[292],"metrics,":[295],"Explainable":[297],"AI":[298],"(XAI)":[299],"techniques,":[300],"delivers":[302],"robust,":[304],"interpretable,":[305],"generalizable":[307],"detecting":[310],"environments\u2014addressing":[315],"key":[316],"limitations":[317],"cybersecurity":[320],"methodologies.":[321]},"counts_by_year":[],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-10-10T00:00:00"}