An optimized Stacking Ensemble Framework for Malware Detection Using XGBoost and Random Forest
Keywords:
XGBoost, Feature Selection, Stacking Ensemble, CICMalDroid 2020, SMOTEAbstract
. Android devices are increasingly targeted by malware due to their widespread adoption and open ecosystem. Traditional signature-based detection methods are insufficient for evolving threats, highlighting the need for intelligent approaches. This study proposes an enhanced Android malware classification framework using XGBoost, Random Forest for feature selection, and a stacking ensemble. The CICMalDroid 2020 dataset was preprocessed through outlier removal, robust scaling, binary transformation, and SMOTE-based class balancing. Experimental results show that the stacking ensemble achieves the highest detection performance with 98.14% accuracy, 93.62% F1-score, and 99.63% ROC-AUC, outperforming individual models. Additionally, using RF as features selector improves computational efficiency, reducing training and testing times. These findings demonstrate that integrating advanced machine learning techniques enhances both the effectiveness and efficiency of Android malware detection.
References
Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution,” Proc. IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp. 95–109, 2012.
A. Raval and M. Anwar, “Android malware detection: An empirical investigation into machine learning classifiers,” in Proc. 2024 IEEE Int. Conf. on Information Reuse and Integration for Data Science (IRI), 2024, pp. 180–187, doi: 10.1109/IRI62200.2024.00039
F. Saleem, A. R. Javed, F. Iqbal, A. Castiglione, X. Chang, and A. Almomani, “Android malware detection using feature ranking of permissions,” arXiv preprint, arXiv:2201.08468, 2022.
D. B. Ansori, J. Slamet, M. Z. Ghufron, A. Kurniawan, and D. I. Sensuse, “Android malware classification using gain ratio and ensembled machine learning,” Int. J. Safety and Security Engineering, vol. 14, no. 1, pp. 245–254, 2024, doi: 10.18280/ijsse.140126.
C. Palma, A. Ferreira, and M. Figueiredo, “Explainable machine learning for malware detection on Android applications,” Information, vol. 15, no. 1, Art. no. 25, 2024, doi: 10.3390/info15010025.
Wang, X., Zhang, L., Zhao, K., Ding, X., & Yu, M. (2022). MFDroid: A stacking ensemble learning framework for Android malware detection. Sensors, 22(7), 2597.
R. Adriansyah, P. Sukarno, and A. A. Wardana, “Android malware detection using ensemble learning and feature selection with insights from SHAP explainable AI,” in Proc. Int. Seminar on Intelligent Technology and Its Applications (ISITIA), 2024, pp. 1–6, doi: 10.1109/ISCMI63661.2024.10851666.
E. Alsharif and M. Alharby, “An ensemble machine learning approach for detecting and classifying malware attacks on mobile devices,” Arabian Journal for Science and Engineering, 2025, doi: 10.1007/s13369-025-10011-5.
A. Alhogail and R. A. Alharbi, “Effective machine learning-based Android malware detection and categorization,” Electronics, vol. 14, no. 8, Art. no. 1486, 2025, doi: 10.3390/electronics14081486.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Mohammed M Elsheh، Fatima A Aboudabous
This work is licensed under a Creative Commons Attribution 4.0 International License.
