Table 11 Comparison of android malware detection frameworks.
From: Efficient feature ranked hybrid framework for android Iot malware detection
Study & Year | Method Type | Features/Approach | Accuracy | F1-Score | Computational Cost | Notes/Limitations |
|---|---|---|---|---|---|---|
MLDroid (2021)26 | Hybrid ML | Multiple static features, ML ensemble | 97.2% | 0.96 | High | Heavy preprocessing; multi-stage pipeline |
DeepAMD (2021)27 | Deep Learning (ANN) | Dense neural network on behavioral features | 96.1% | 0.95 | Very High (GPU) | Sensitive to imbalance; requires GPU |
Chybridroid (2020)29 | Hybrid Static + Dynamic | Permissions + API calls + behavioral logs | 94.8% | 0.92 | High | Complex design; high overhead |
Waqar et al. (2023)1 | CNN | Raw IoT malware images | 98.12% | 0.97 | Very High (GPU) | Model is heavy for deployment |
Yumlembam et al. (2023)5 | GNN | Graph neural network with adversarial defense | 97.5% | 0.96 | Very High | Complex model; slower inference |
Ren et al. (2020)6 | Deep Learning | End-to-end static + dynamic DL | 94.0% | 0.92 | Very High | Not suitable for low-resource IoT |
El Fiky et al. (2021)7 | ML (RF/SVM) | Static permissions + metadata | 95.6% | 0.94 | Medium | Strong variation based on features |
Akash et al. (2022)16 | RF + ICA | Botnet traffic + ICA reduction | 96.4% | 0.95 | Low | ML-based, low-resource |
Hussein et al. (2021)17 | RF + One-Hot Encoding | IoT IDS | 96.9% | 0.96 | Low | Strong but limited to network IDS |
Wajahat et al. (2024)43 | Optimized DL | CNN-DL hybrid | 98.2% | 0.97 | Very High | Requires GPU; high training cost |
GuardDroid (2024)57 | Lightweight DL | Transparent lightweight CNN | 97.88% | 0.96 | Medium | Designed for mobile devices |
Kurniawan et al. (2025)24 | ML Hybrid | Permission + behavior fusion | 97.4% | 0.96 | Medium | Multiple feature stages |
Senanayake et al. (2023)3 | Code-based | Source-code vulnerability detectors | N/A | N/A | Very High | Targets vulnerabilities not malware |
Kim et al. (2022)49 | CNN + Residual Blocks | Image-based malware matrix | 97.5% | 0.96 | High | Deep model; not lightweight |
Xiao et al. (2019)35 | LSTM | System call sequences | 96% | 0.94 | High | Sequential deep learning |
Chowdhury & Ahmed (2025)31 | IoT-integrated AI Security App (ML) | Permissions monitoring + anomaly detection + IoT-device telemetry | 95.8% | 0.94 | Medium | Focuses on building a security app rather than benchmarking ML models; dataset limited to lab-generated scenarios; lacks multi-dataset validation |
Our Proposed Framework (2025) | Hybrid ML (RF + Dual Ranking) | Static + Dynamic, InfoGain + Gini Ranking | 99.03–100% | 0.98–1.00 | Low | No GPU required; interpretable; stable across cross-validation; generalizable across 4 datasets but it not suitable for large datasets |
