The presented EAMD-SATM method utilizes the min-max approach for the data pre-processing process [ 16 ]. The min-max normalization is influential in data pre-processing for Android malware recognition, certifying that values of a feature are adapted to a constant range among 0 and 1. By converting data in this method, min-max normalization allows for impartial comparison and effectual training of machine learning (ML) methods, allowing precise classification of malicious behaviors and patterns within Android applications. This standardized method improves the abilities of detection, making the network more robust against developing malware attacks in the IoV context. 3.2.

The SA-T technique is employed for the classification process of the proposed model [ 17 ]. These methods are signified by an input feature sequence that is employed to encrypt every case in the database. In this research paper, we contain = [!, ", … , #], signify the sequence of input features, whereas represents the length of sequence. The self‐attention method identifies the relationship among numerous features in the series and provides a weight depending on how significant it is for other attributes. To take numerous kinds of relations and enhance the efficiency of the model, numerous equivalent layers of self-attention are employed. The outputs are served into feed‐forward neural networks for recognizing the non‐linear relations and deliver last forecasts, This attention‐based method structure with multi‐head attention and self‐attention methods effectively attains dependencies and connections within the series of inputs. Fig. 2 represents the structure of the transformer method.

In the self‐attention-based transformer method, location encoding and input embedding are dual vital methods. The series of inputs is signified by utilizing these phases, which is suitable for the following self‐attention layer. The numerical features and definite variables of every case are decoded to constant vector representation over input embeddings. While, ($) signifies the embedding of the case ($) and ($) epitomizes the measured mathematical features of ($). The concatenated input embedding ($) is calculated as: $% = [($), ($)]. The method understands the series of instances by utilizing location encoded that inserts position data to the sequence of input. The self‐attention‐based transformer method effectively handles the series of inputs, gathering both positional information and feature representation by implementing location encoding and input embedding phases.

Transformer Encoder: A sequence of embedded features and positional encoding. To detect relationships and obtain significant representation from the series of inputs, use a load of the Transformer encoder layer. It is calculated as, () = [!(), "(), … , #()], whereas every () signifies the representation of output for the equivalent location in the series.

Self‐Attention: The Transformer method's ability to discover links among features, which go away from adjacency of sequence is a new stimulating characteristic of this method. The self‐attention method was employed to acquire the relationship amid numerous points in every Transformer Encoder layer. The resemblance amongst the vectors of key and query is employed to define the attention weight (AW) for every point. The AW demonstrates the relative significance of every location. The AW computation is given below: = − max 9&'(? (1) √

Here, ( and denotes the key and query related to input embedding (!, ", … , $). By employing the attention weight matrix AW, we build a weighted sum of the value vector as the later value vector:

(, *) = ⋅ (2)

Here, * signifies the input embedding. Moreover, we tackle the problem of the variable length by using the similar padding mask model as the Transformer. Over the embedding layer usage, we hold the core of every feature in the assumed input series .

+$ = +$ ⋅ (3)

The visited embedding +$ and learning parameters +$ are intricate in the procedure. This layer acts as the drive for incorporating and preserving sequential data into the method.

Follow the self‐attention tactic to improve the representation via using feed‐forward neural networks to every point distinctly. An activation function of non‐linear splits the dual linear layers, which compose the feed‐forward networks. Attach the input features to the output of the self‐attention device and the feed‐forward network output to generate the remaining connections. After that, the features of every sub-layer are regularized utilizing the layer normalization process.

The Transformer Decoder layer output feeds over a fully connected (FC) layer. To define the likelihoods of the last output, utilize the activation function of softmax.

= max (* + ) (4) 3.3.

The MOA approach is employed for the hyperparameter tuning process EAMD-SATM approach [ 18 ]. The MOA model is a metaheuristic technique simulated by the population; it addresses the optimization problems through the iteration process. The MOA includes candidate solutions in the problem space. The population is initialized based on Eq. (6) at the initial stage of the optimization process and modelled using a matrix in Eq. (5). The values of decision variable can be described by all the members based on the search space location. Additionally, the search ability of population to discover an optimal solution.

⎡ ⋮! ⎤ ⎡ !,! !,$ !,/ ⎤ = ⎢⎢ , ⎥⎥ = ⎢⎢ , ,! , ,$ , ,/ ⎥⎥ (5) ⎢ ⋮ ⎥ ⎢ ⎥ ⎣-⎦-×/ ⎣-,! -,! -,!⎦-×/ , ,$ = $ + (0,1) × ($ − $), = 1,2, … . , , = 1,2, … . , (6) Now, denotes the population matrix, is the number of population participants, is the quantity of decision parameters, , = , ,!, … . , , ,$, … . , , ,/ denotes the 12 solution of a candidate, the , ,$ is the 12 a variable that the random function within [ 0,1 ], and $ and $ are upper and lower limitations of the decision 12 parameters.

The members of the population provide solutions to these problems, which is enhanced. The function of cost is described by the population individual for the decision variable. = ⎡⎢⎢⋮,! ⎤⎥⎥ = ⎡⎢⎢(\⋮,!])⎤⎥⎥ (7) ⎢ ⋮ ⎥ ⎢ ⋮ ⎥ ⎣-⎦-×! ⎣(-)⎦-×! Now, and , are the vector cost function value for the 12 individuals.

The value of cost function evaluates the solution quality generated by the population members. In every iteration, the individual locations and best individual of the population are upgraded. Therefore, the best individual in population resolves the problems in the last iteration.

Consider the mathematical modeling of raising children by mother through interaction. In the MOA, the population can be upgraded in three different stages as follows:

Education or exploration stage: This stage is based on the children's education in the proposed MOA. The objective is to increase the global search and exploration capabilities by making huge alterations in the distinct position. Since the behavior of mother's during the children's training is noble, and considered as fittest member. A new location for every individual is generated by using Eq. (9). If the values of the benchmark function increase in the updated position, then it is demonstrated as a corresponding member place as follows ,3,$! = , ,$ + (0,1) × ($ − (2) × , ,$) (8) , = a43̇!, , 3! ≤ , , (9) , , , Where $ is the 12 size of the mother’s position, , ,$ is the 12 size of 12 individual location, , and ,3! are the updated locations calculated for the 12 individuals, ,3,$! shows its 12 dimension, , 3! is the cost function value, and the is a uniformly generated integer within [ 0,1 ] and [ 1,2 ].

Advice or Exploration Stage: A mother's responsibility is raising the children, which is of great importance to guide their children and not allow them to misbehave. This allows global search and exploration by creating huge alterations in the member location. If an individual position in the population is exceeded by other individuals with the highest value of cost function is assumed as a rare method that must be prohibited. Every individual’s bad behavior ($) is determined by the comparative review of the cost function value. The members are arbitrarily selected from the set of worst behaviors for $, using a uniform distribution. Firstly, a new location is generated for each individual using Eq. (10). This keeps the child far from the bad behavior. If there is an increase in cost function value, then a new position replaces the earlier one based on Eq. (11).

Exploitation and upbringing stage: Mother uses dissimilar approaches to encourage their kids to enhance their abilities in the learning method. On the other hand, upbringing assists individuals to recover their capability in exploitation and local search by making small changes in individual locations. To stimulate this, a new location is generated for every individual based on the behavior development of children. If the cost function value improves, it replaces the preceding location, as follows: 43̇,$6 = , ,$ + \1 − 2 × (0,1)] ×

36, 43̇6 ≤ $; , a,, , , $ − $ Where ,36 denotes the updated location, which is evaluated for the 12 individuals, ,3,$6 is its 12 dimension, , 36 denotes the cost function value, the is a randomly generated integer within [ 0,1 ]; denotes, the iteration counter.

The fitness range is the extensive aspect influencing the achievement of the MOA method. The hyperparameter assortment method includes the solution-encoded method to compute the value of the candidate solution. In this research work, the MOA esteems accuracy as the main feature for inventing the fitness function that is expressed below.

= max ()

= + Whereas, and portray the true and false positive values.

Benign Malware

5000 2500 7500

Table 2, reports an android malware detection result of EAMD-SATM technique under 70%TRAP and 30%TESP. In Fig. 3, the average outcomes presented by the EAMD-SATM approach on 70% of TRAS is emphasized. This figure displayed that the EAMD-SATM system attains efficient results. With 70%TRAP, the EAMD-SATM approach achieves average 7 of 97.30%, # of 97.60%, 8 of 96.33%, 9(*:&;( of 96.93%, and of 93.93%.

In Fig. 4, the average outcomes provided by the EAMD-SATM technique on 30% of TESP are underlined. The figure portrayed that the EAMD-SATM system obtains proficient results. With 30%TESP, the EAMD-SATM methodology achieves average 7 of 97.69%, # of 97.82%, 8 of 96.93%, 9(*:&;( of 97.36%, and of 94.75%.

Fig. 5 illustrates the classifier outcomes of EAMD-SATM approach. Fig. 5a shows the accuracy study of the EAMD-SATM approach. This figure shows that the EAMD-SATM method achieves growing values over increased epoch counts. Then, Fig. 5b demonstrates the loss study of the EAMD-SATM technique. The outcomes specify that the EAMD-SATM methodology achieves adjacent outcomes of training and validation loss. Fig. 5c reported the study of PR in the EAMD-SATM system. The outcomes indicated that the EAMD-SATM method outcomes in growing PR values. At last, Fig. 5d shows the ROC examination of the EAMD-SATM technique. The figure represented, that the EAMD-SATM approach results in enhanced values of ROC.

EAMD-SATM

J48 Model Decision Table

Naive Bayes

SMO Classifier Logistic Algorithm

AdaBoostM1

In Table 3 and Fig. 6, the efficient results of the EAMD-SATM technique were experienced compared with recent techniques [ 21-23 ]. The outcomes indicated, that the Naive Bayes & AdaBoostM1 method displayed inferior outcomes. Together, the J48, Decision Table, SMO, and Logistic Algorithm approaches have depicted nearer results. However, the EAMD-SATM model handled reporting the highest outcomes with higher 7, #, 8, and 9(*:&;( of 97.69%, 97.82%, 96.93%, and 97.36%, appropriately.