Comprehensive benchmarking of knowledge graph embeddings methods for Android malware detection

Kincl, Jan; Eftimov, Tome; Viktorin, Adam; Šenkeřík, Roman; Pavleska, Tanja

dc.title	Comprehensive benchmarking of knowledge graph embeddings methods for Android malware detection	en
dc.contributor.author	Kincl, Jan
dc.contributor.author	Eftimov, Tome
dc.contributor.author	Viktorin, Adam
dc.contributor.author	Šenkeřík, Roman
dc.contributor.author	Pavleska, Tanja
dc.relation.ispartof	Expert Systems with Applications
dc.identifier.issn	0957-4174 Scopus Sources, Sherpa/RoMEO, JCR
dc.identifier.issn	1873-6793 Scopus Sources, Sherpa/RoMEO, JCR
dc.date.issued	2025
utb.relation.volume	288
dc.type	article
dc.language.iso	en
dc.publisher	Elsevier Ltd
dc.identifier.doi	10.1016/j.eswa.2025.127888
dc.relation.uri	https://www.sciencedirect.com/science/article/pii/S0957417425015106
dc.relation.uri	https://www.sciencedirect.com/science/article/pii/S0957417425015106/pdfft?md5=9d3d4938b74ff907e480808ae181e9df&pid=1-s2.0-S0957417425015106-main.pdf
dc.subject	mobile android security	en
dc.subject	knowledge graphs embeddings	en
dc.subject	machine learning	en
dc.subject	Android malware detection	en
dc.description.abstract	The rising popularity and open-source model of the Android operating system has made it a main target for attackers creating malware applications. With the mobile industry being an expanding device ecosystem, there is a critical need for developing effective methods to protect against mobile malware. Recognizing the latest approaches and their limitations, we have conducted a comprehensive empirical analysis on the applicability of knowledge graphs for malware detection in view of the influence of the scoring functions, the vector dimension, the stability of the obtained results, the performance of the individual classifiers, and other important time dependencies. In addition, we propose a knowledge-graph based method aimed at improving the quality of classification input data, while offering greater interfacing capabilities with external knowledge and lower computational complexity. The proposed method offers a new perspective on working with Android malware, demonstrating a unique data processing pipeline for malware sample identification and encouraging further innovation in the field. Our findings demonstrate that knowledge graph representation is not only feasible, but also provides well-performing results, remaining competitive with state-of-the-art approaches.	en
utb.faculty	Faculty of Applied Informatics
dc.identifier.uri	http://hdl.handle.net/10563/1012479
utb.identifier.scopus	2-s2.0-105005861898
utb.identifier.wok	001500843200009
utb.identifier.coden	ESAPE
utb.source	j-scopus
dc.date.accessioned	2025-10-16T07:25:44Z
dc.date.available	2025-10-16T07:25:44Z
dc.description.sponsorship	Fakulta aplikované informatiky, Univerzita Tomáše Bati ve Zlíně, FAI; European Commission, EC; Univerzita Tomáše Bati ve Zlíně, UTB; Tomas Bata University in Zlín, TBU, (IGA/CebiaTech/2023/004); Tomas Bata University in Zlín, TBU; The Slovenian Research and Innovation Agency, ARIS, (P2-0098, P2-0037, GC-0001); The Slovenian Research and Innovation Agency, ARIS
dc.description.sponsorship	Internal Grant Agency of Tomas Bata University [IGA/CebiaTech/2023/004]; Faculty of Applied Informatics, Tomas Bata University in Zlin (ailab.fai.utb.cz); Tomas Bata University's Erasmus+ program; European Union; Slovenian Research and Innovation Agency through program [P2-0098, P2-0037, GC-0001]
dc.rights	Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri	http://creativecommons.org/licenses/by-nc-nd/4.0/
dc.rights.access	openAccess
utb.contributor.internalauthor	Viktorin, Adam
utb.contributor.internalauthor	Šenkeřík, Roman
utb.fulltext.sponsorship	Funding in direct support of this work: The Internal Grant Agency of Tomas Bata University under the project no. IGA/CebiaTech/2023/004, the resources of A.I.Lab at the Faculty of Applied Informatics, Tomas Bata University in Zlin (ailab.fai.utb.cz), the financial support of the Tomas Bata University’s Erasmus+ program for traineeship mobility supported by the European Union, and the Slovenian Research and Innovation Agency through program grants No. P2-0098 and No. P2-0037, and project No. GC-0001.
utb.wos.affiliation	[Kincl, Jan; Pavleska, Tanja] Jozef Stefan Inst, Lab Open Syst & Networks, Jamova Cesta 39, Ljubljana 1000, Slovenia; [Eftimov, Tome] Jozef Stefan Inst, Comp Syst Dept, Jamova Cesta 39, Ljubljana 1000, Slovenia; [Kincl, Jan] Jozef Stefan Int Postgrad Sch, Jamova Cesta 39, Ljubljana 1000, Slovenia; [Viktorin, Adam; Senkerik, Roman] Tomas Bata Univ Zlin, Fac Appl Informat, nam T G Masaryka 5555, Zlin 76001, Czech Republic; [Kincl, Jan] Univ Newcastle, Sch Informat & Phys Sci, Univ Dr, Newcastle, NSW 2308, Australia
utb.scopus.affiliation	Laboratory for Open Systems and Networks, Jozef Stefan Institute, Jamova Cesta 39, Ljubljana, 1000, Slovenia; The Computer Systems Department, Jozef Stefan Institute, Jamova Cesta 39, Ljubljana, 1000, Slovenia; Jožef Stefan International Postgraduate School, Jamova Cesta 39, Ljubljana, 1000, Slovenia; Faculty of Applied Informatics, Tomas Bata University in Zlin, nam. T. G. Masaryka 5555, Zlin, 76001, Czech Republic; School of Information and Physical Sciences, University of Newcastle, University Dr., Callaghan, Newcastle, 2308, NSW, Australia
utb.fulltext.projects	IGA/CebiaTech/2023/004
utb.fulltext.projects	P2-0098
utb.fulltext.projects	P2-0037
utb.fulltext.projects	GC-0001