Integrating Ensemble Learning and Information Gain for Malware Detection based on Static and Dynamic Features Article Swipe
Ramadhan Rakhmat Sani
,
Fauzi Adi Rafrastara
,
Wildanil Ghozi
·
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.22219/kinetik.v10i1.2051
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.22219/kinetik.v10i1.2051
The rapid advancement of malware poses a significant threat to devices, like personal computers and mobile phones. One of the most serious threats commonly faced is malicious software, including viruses, worms, trojan horses, and ransomware. Conventional antivirus software is becoming ineffective against the ever-evolving nature of malware, which can now take on various forms like polymorphic, metamorphic, and oligomorphic variants. These advanced malware types can not only replicate and distribute themselves, but also create unique fingerprints for each offspring. To address this challenge, a new generation of antivirus software based on machine learning is needed. This intelligent approach can detect malware based on its behavior, rather than relying on outdated fingerprint-based methods. This study explored the integration of machine learning models for malware detection using various ensemble algorithms and feature selection techniques. The study compared three ensemble algorithms: Gradient Boosting, Random Forest, and AdaBoost. It used Information Gain for feature selection, analyzing 21 features. Additionally, the study employed a public dataset called ‘Malware Static and Dynamic Features VxHeaven and VirusTotal Data Set’, which encompasses both static and dynamic malware features. The results demonstrate that the Gradient Boosting algorithm combined with Information Gain feature selection achieved the highest performance, reaching an accuracy and F1-Score of 99.2%.
Related Topics
Concepts
Metadata
- Type
- article
- Language
- en
- Landing Page
- https://doi.org/10.22219/kinetik.v10i1.2051
- OA Status
- diamond
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4406707501
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4406707501Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.22219/kinetik.v10i1.2051Digital Object Identifier
- Title
-
Integrating Ensemble Learning and Information Gain for Malware Detection based on Static and Dynamic FeaturesWork title
- Type
-
articleOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2025Year of publication
- Publication date
-
2025-01-22Full publication date if available
- Authors
-
Ramadhan Rakhmat Sani, Fauzi Adi Rafrastara, Wildanil GhoziList of authors in order
- Landing page
-
https://doi.org/10.22219/kinetik.v10i1.2051Publisher landing page
- Open access
-
YesWhether a free full text is available
- OA status
-
diamondOpen access status per OpenAlex
- OA URL
-
https://doi.org/10.22219/kinetik.v10i1.2051Direct OA link when available
- Concepts
-
Malware, Computer science, Information gain, Ensemble learning, Information gain ratio, Artificial intelligence, Machine learning, Computer security, Decision treeTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
0Total citation count in OpenAlex
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4406707501 |
|---|---|
| doi | https://doi.org/10.22219/kinetik.v10i1.2051 |
| ids.doi | https://doi.org/10.22219/kinetik.v10i1.2051 |
| ids.openalex | https://openalex.org/W4406707501 |
| fwci | 0.0 |
| type | article |
| title | Integrating Ensemble Learning and Information Gain for Malware Detection based on Static and Dynamic Features |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11241 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9986000061035156 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1711 |
| topics[0].subfield.display_name | Signal Processing |
| topics[0].display_name | Advanced Malware Detection Techniques |
| topics[1].id | https://openalex.org/T10400 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9922999739646912 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1705 |
| topics[1].subfield.display_name | Computer Networks and Communications |
| topics[1].display_name | Network Security and Intrusion Detection |
| topics[2].id | https://openalex.org/T11512 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.980400025844574 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1702 |
| topics[2].subfield.display_name | Artificial Intelligence |
| topics[2].display_name | Anomaly Detection Techniques and Applications |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C541664917 |
| concepts[0].level | 2 |
| concepts[0].score | 0.7158352136611938 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q14001 |
| concepts[0].display_name | Malware |
| concepts[1].id | https://openalex.org/C41008148 |
| concepts[1].level | 0 |
| concepts[1].score | 0.6969705820083618 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[1].display_name | Computer science |
| concepts[2].id | https://openalex.org/C2983203078 |
| concepts[2].level | 2 |
| concepts[2].score | 0.6581272482872009 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q255166 |
| concepts[2].display_name | Information gain |
| concepts[3].id | https://openalex.org/C45942800 |
| concepts[3].level | 2 |
| concepts[3].score | 0.6467646360397339 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q245652 |
| concepts[3].display_name | Ensemble learning |
| concepts[4].id | https://openalex.org/C202185110 |
| concepts[4].level | 3 |
| concepts[4].score | 0.5363437533378601 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q6031086 |
| concepts[4].display_name | Information gain ratio |
| concepts[5].id | https://openalex.org/C154945302 |
| concepts[5].level | 1 |
| concepts[5].score | 0.4615848660469055 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[5].display_name | Artificial intelligence |
| concepts[6].id | https://openalex.org/C119857082 |
| concepts[6].level | 1 |
| concepts[6].score | 0.43168407678604126 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q2539 |
| concepts[6].display_name | Machine learning |
| concepts[7].id | https://openalex.org/C38652104 |
| concepts[7].level | 1 |
| concepts[7].score | 0.16984835267066956 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[7].display_name | Computer security |
| concepts[8].id | https://openalex.org/C84525736 |
| concepts[8].level | 2 |
| concepts[8].score | 0.1332891583442688 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q831366 |
| concepts[8].display_name | Decision tree |
| keywords[0].id | https://openalex.org/keywords/malware |
| keywords[0].score | 0.7158352136611938 |
| keywords[0].display_name | Malware |
| keywords[1].id | https://openalex.org/keywords/computer-science |
| keywords[1].score | 0.6969705820083618 |
| keywords[1].display_name | Computer science |
| keywords[2].id | https://openalex.org/keywords/information-gain |
| keywords[2].score | 0.6581272482872009 |
| keywords[2].display_name | Information gain |
| keywords[3].id | https://openalex.org/keywords/ensemble-learning |
| keywords[3].score | 0.6467646360397339 |
| keywords[3].display_name | Ensemble learning |
| keywords[4].id | https://openalex.org/keywords/information-gain-ratio |
| keywords[4].score | 0.5363437533378601 |
| keywords[4].display_name | Information gain ratio |
| keywords[5].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[5].score | 0.4615848660469055 |
| keywords[5].display_name | Artificial intelligence |
| keywords[6].id | https://openalex.org/keywords/machine-learning |
| keywords[6].score | 0.43168407678604126 |
| keywords[6].display_name | Machine learning |
| keywords[7].id | https://openalex.org/keywords/computer-security |
| keywords[7].score | 0.16984835267066956 |
| keywords[7].display_name | Computer security |
| keywords[8].id | https://openalex.org/keywords/decision-tree |
| keywords[8].score | 0.1332891583442688 |
| keywords[8].display_name | Decision tree |
| language | en |
| locations[0].id | doi:10.22219/kinetik.v10i1.2051 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4210206379 |
| locations[0].source.issn | 2503-2259, 2503-2267 |
| locations[0].source.type | journal |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | 2503-2259 |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | Kinetik Game Technology Information System Computer Network Computing Electronics and Control |
| locations[0].source.host_organization | https://openalex.org/P4310314982 |
| locations[0].source.host_organization_name | Muhammadiyah University of Malang |
| locations[0].source.host_organization_lineage | https://openalex.org/P4310314982 |
| locations[0].source.host_organization_lineage_names | Muhammadiyah University of Malang |
| locations[0].license | |
| locations[0].pdf_url | |
| locations[0].version | publishedVersion |
| locations[0].raw_type | journal-article |
| locations[0].license_id | |
| locations[0].is_accepted | True |
| locations[0].is_published | True |
| locations[0].raw_source_name | Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control |
| locations[0].landing_page_url | https://doi.org/10.22219/kinetik.v10i1.2051 |
| indexed_in | crossref |
| authorships[0].author.id | https://openalex.org/A5014166866 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Ramadhan Rakhmat Sani |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Ramadhan Rakhmat Sani |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5031942384 |
| authorships[1].author.orcid | https://orcid.org/0000-0003-3046-2276 |
| authorships[1].author.display_name | Fauzi Adi Rafrastara |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Fauzi Adi Rafrastara |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5114767152 |
| authorships[2].author.orcid | |
| authorships[2].author.display_name | Wildanil Ghozi |
| authorships[2].author_position | last |
| authorships[2].raw_author_name | Wildanil Ghozi |
| authorships[2].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://doi.org/10.22219/kinetik.v10i1.2051 |
| open_access.oa_status | diamond |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Integrating Ensemble Learning and Information Gain for Malware Detection based on Static and Dynamic Features |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T03:46:38.306776 |
| primary_topic.id | https://openalex.org/T11241 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9986000061035156 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1711 |
| primary_topic.subfield.display_name | Signal Processing |
| primary_topic.display_name | Advanced Malware Detection Techniques |
| related_works | https://openalex.org/W2784382611, https://openalex.org/W2367616228, https://openalex.org/W4312502896, https://openalex.org/W2771317484, https://openalex.org/W4376643315, https://openalex.org/W2367932743, https://openalex.org/W1986366279, https://openalex.org/W4324137541, https://openalex.org/W2348174691, https://openalex.org/W2900445707 |
| cited_by_count | 0 |
| locations_count | 1 |
| best_oa_location.id | doi:10.22219/kinetik.v10i1.2051 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4210206379 |
| best_oa_location.source.issn | 2503-2259, 2503-2267 |
| best_oa_location.source.type | journal |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | 2503-2259 |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | Kinetik Game Technology Information System Computer Network Computing Electronics and Control |
| best_oa_location.source.host_organization | https://openalex.org/P4310314982 |
| best_oa_location.source.host_organization_name | Muhammadiyah University of Malang |
| best_oa_location.source.host_organization_lineage | https://openalex.org/P4310314982 |
| best_oa_location.source.host_organization_lineage_names | Muhammadiyah University of Malang |
| best_oa_location.license | |
| best_oa_location.pdf_url | |
| best_oa_location.version | publishedVersion |
| best_oa_location.raw_type | journal-article |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | True |
| best_oa_location.is_published | True |
| best_oa_location.raw_source_name | Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control |
| best_oa_location.landing_page_url | https://doi.org/10.22219/kinetik.v10i1.2051 |
| primary_location.id | doi:10.22219/kinetik.v10i1.2051 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4210206379 |
| primary_location.source.issn | 2503-2259, 2503-2267 |
| primary_location.source.type | journal |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | 2503-2259 |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | Kinetik Game Technology Information System Computer Network Computing Electronics and Control |
| primary_location.source.host_organization | https://openalex.org/P4310314982 |
| primary_location.source.host_organization_name | Muhammadiyah University of Malang |
| primary_location.source.host_organization_lineage | https://openalex.org/P4310314982 |
| primary_location.source.host_organization_lineage_names | Muhammadiyah University of Malang |
| primary_location.license | |
| primary_location.pdf_url | |
| primary_location.version | publishedVersion |
| primary_location.raw_type | journal-article |
| primary_location.license_id | |
| primary_location.is_accepted | True |
| primary_location.is_published | True |
| primary_location.raw_source_name | Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control |
| primary_location.landing_page_url | https://doi.org/10.22219/kinetik.v10i1.2051 |
| publication_date | 2025-01-22 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 6, 83, 158 |
| abstract_inverted_index.21 | 152 |
| abstract_inverted_index.It | 144 |
| abstract_inverted_index.To | 79 |
| abstract_inverted_index.an | 199 |
| abstract_inverted_index.is | 25, 38, 93 |
| abstract_inverted_index.of | 3, 18, 45, 86, 117, 203 |
| abstract_inverted_index.on | 51, 90, 102, 108 |
| abstract_inverted_index.to | 9 |
| abstract_inverted_index.One | 17 |
| abstract_inverted_index.The | 0, 132, 180 |
| abstract_inverted_index.and | 14, 33, 57, 68, 128, 142, 164, 168, 176, 201 |
| abstract_inverted_index.but | 71 |
| abstract_inverted_index.can | 48, 64, 98 |
| abstract_inverted_index.for | 76, 121, 148 |
| abstract_inverted_index.its | 103 |
| abstract_inverted_index.new | 84 |
| abstract_inverted_index.not | 65 |
| abstract_inverted_index.now | 49 |
| abstract_inverted_index.the | 19, 42, 115, 155, 184, 195 |
| abstract_inverted_index.Data | 170 |
| abstract_inverted_index.Gain | 147, 191 |
| abstract_inverted_index.This | 95, 112 |
| abstract_inverted_index.also | 72 |
| abstract_inverted_index.both | 174 |
| abstract_inverted_index.each | 77 |
| abstract_inverted_index.like | 11, 54 |
| abstract_inverted_index.most | 20 |
| abstract_inverted_index.only | 66 |
| abstract_inverted_index.take | 50 |
| abstract_inverted_index.than | 106 |
| abstract_inverted_index.that | 183 |
| abstract_inverted_index.this | 81 |
| abstract_inverted_index.used | 145 |
| abstract_inverted_index.with | 189 |
| abstract_inverted_index.These | 60 |
| abstract_inverted_index.based | 89, 101 |
| abstract_inverted_index.faced | 24 |
| abstract_inverted_index.forms | 53 |
| abstract_inverted_index.poses | 5 |
| abstract_inverted_index.rapid | 1 |
| abstract_inverted_index.study | 113, 133, 156 |
| abstract_inverted_index.three | 135 |
| abstract_inverted_index.types | 63 |
| abstract_inverted_index.using | 124 |
| abstract_inverted_index.which | 47, 172 |
| abstract_inverted_index.99.2%. | 204 |
| abstract_inverted_index.Random | 140 |
| abstract_inverted_index.Static | 163 |
| abstract_inverted_index.called | 161 |
| abstract_inverted_index.create | 73 |
| abstract_inverted_index.detect | 99 |
| abstract_inverted_index.mobile | 15 |
| abstract_inverted_index.models | 120 |
| abstract_inverted_index.nature | 44 |
| abstract_inverted_index.public | 159 |
| abstract_inverted_index.rather | 105 |
| abstract_inverted_index.static | 175 |
| abstract_inverted_index.threat | 8 |
| abstract_inverted_index.trojan | 31 |
| abstract_inverted_index.unique | 74 |
| abstract_inverted_index.worms, | 30 |
| abstract_inverted_index.Dynamic | 165 |
| abstract_inverted_index.Forest, | 141 |
| abstract_inverted_index.Set’, | 171 |
| abstract_inverted_index.address | 80 |
| abstract_inverted_index.against | 41 |
| abstract_inverted_index.dataset | 160 |
| abstract_inverted_index.dynamic | 177 |
| abstract_inverted_index.feature | 129, 149, 192 |
| abstract_inverted_index.highest | 196 |
| abstract_inverted_index.horses, | 32 |
| abstract_inverted_index.machine | 91, 118 |
| abstract_inverted_index.malware | 4, 62, 100, 122, 178 |
| abstract_inverted_index.needed. | 94 |
| abstract_inverted_index.phones. | 16 |
| abstract_inverted_index.relying | 107 |
| abstract_inverted_index.results | 181 |
| abstract_inverted_index.serious | 21 |
| abstract_inverted_index.threats | 22 |
| abstract_inverted_index.various | 52, 125 |
| abstract_inverted_index.Boosting | 186 |
| abstract_inverted_index.F1-Score | 202 |
| abstract_inverted_index.Features | 166 |
| abstract_inverted_index.Gradient | 138, 185 |
| abstract_inverted_index.VxHeaven | 167 |
| abstract_inverted_index.accuracy | 200 |
| abstract_inverted_index.achieved | 194 |
| abstract_inverted_index.advanced | 61 |
| abstract_inverted_index.approach | 97 |
| abstract_inverted_index.becoming | 39 |
| abstract_inverted_index.combined | 188 |
| abstract_inverted_index.commonly | 23 |
| abstract_inverted_index.compared | 134 |
| abstract_inverted_index.devices, | 10 |
| abstract_inverted_index.employed | 157 |
| abstract_inverted_index.ensemble | 126, 136 |
| abstract_inverted_index.explored | 114 |
| abstract_inverted_index.learning | 92, 119 |
| abstract_inverted_index.malware, | 46 |
| abstract_inverted_index.methods. | 111 |
| abstract_inverted_index.outdated | 109 |
| abstract_inverted_index.personal | 12 |
| abstract_inverted_index.reaching | 198 |
| abstract_inverted_index.software | 37, 88 |
| abstract_inverted_index.viruses, | 29 |
| abstract_inverted_index.AdaBoost. | 143 |
| abstract_inverted_index.Boosting, | 139 |
| abstract_inverted_index.algorithm | 187 |
| abstract_inverted_index.analyzing | 151 |
| abstract_inverted_index.antivirus | 36, 87 |
| abstract_inverted_index.behavior, | 104 |
| abstract_inverted_index.computers | 13 |
| abstract_inverted_index.detection | 123 |
| abstract_inverted_index.features. | 153, 179 |
| abstract_inverted_index.including | 28 |
| abstract_inverted_index.malicious | 26 |
| abstract_inverted_index.replicate | 67 |
| abstract_inverted_index.selection | 130, 193 |
| abstract_inverted_index.software, | 27 |
| abstract_inverted_index.variants. | 59 |
| abstract_inverted_index.VirusTotal | 169 |
| abstract_inverted_index.algorithms | 127 |
| abstract_inverted_index.challenge, | 82 |
| abstract_inverted_index.distribute | 69 |
| abstract_inverted_index.generation | 85 |
| abstract_inverted_index.offspring. | 78 |
| abstract_inverted_index.selection, | 150 |
| abstract_inverted_index.‘Malware | 162 |
| abstract_inverted_index.Information | 146, 190 |
| abstract_inverted_index.advancement | 2 |
| abstract_inverted_index.algorithms: | 137 |
| abstract_inverted_index.demonstrate | 182 |
| abstract_inverted_index.encompasses | 173 |
| abstract_inverted_index.ineffective | 40 |
| abstract_inverted_index.integration | 116 |
| abstract_inverted_index.intelligent | 96 |
| abstract_inverted_index.ransomware. | 34 |
| abstract_inverted_index.significant | 7 |
| abstract_inverted_index.techniques. | 131 |
| abstract_inverted_index.themselves, | 70 |
| abstract_inverted_index.Conventional | 35 |
| abstract_inverted_index.fingerprints | 75 |
| abstract_inverted_index.metamorphic, | 56 |
| abstract_inverted_index.oligomorphic | 58 |
| abstract_inverted_index.performance, | 197 |
| abstract_inverted_index.polymorphic, | 55 |
| abstract_inverted_index.Additionally, | 154 |
| abstract_inverted_index.ever-evolving | 43 |
| abstract_inverted_index.fingerprint-based | 110 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 3 |
| citation_normalized_percentile.value | 0.01722592 |
| citation_normalized_percentile.is_in_top_1_percent | False |
| citation_normalized_percentile.is_in_top_10_percent | False |