Table 2 A comparison of related work based on dynamic analysis techniques.
From: Efficient feature ranked hybrid framework for android Iot malware detection
| Ref. | Feature | Accuracy | ML techniques | Contribution | Recommendations |
|---|---|---|---|---|---|
| | Memory, API call, network, battery, logcat and process features (141 dynamic characteristics in total) | 98.4% | Decision Tree, Random Forest | Dynamic features are captured before and after rebooting the emulator, and entropy values are computed to track behavioral changes across 12 malware categories and 147 families. Using the CCCS-CIC-AndMal2020 dataset, the authors dynamically analyzed a large set of malware and benign samples to obtain robust classification and characterization. | Extend the dynamic analysis to real devices, since some malware samples detect the emulation environment and avoid it, reducing the effective sample size; incorporate more feature types, particularly ones that bypass or obscure emulation detection, to improve the detection model's accuracy and reliability. |
| | Network traffic data | 99.73% | Random Forest (RF), Support Vector Machine (SVM), Decision Tree (DT), Convolutional Neural Network (CNN) | Development of BIR-CNN (Batch-normalized Inception-Residual CNN) for Android malware classification, combining inception-residual network modules with batch normalization to improve learning and limit overfitting; proposal of a 347-dimensional network traffic feature extraction method that improves feature comprehensiveness and model accuracy. | Extend BIR-CNN to the classification of emerging Android software, distinguishing benign from malicious applications and categorizing new malware families; validate on new datasets with diverse static and dynamic features to improve the model's generalizability across network traffic profiles. |
| | Permissions, API calls, intents | 93.7% | SVM | Development of Sec-SVM, a secure-learning algorithm that improves resilience against evasion attacks. | Apply secure-learning paradigms to other security tasks and continue research on adversary-aware machine learning; extend the secure-learning approach to other malware detection tasks and integrate dynamic analysis. |
| | Permissions and API calls | 98.8% | SVM, MLP | MLDroid, a web-based Android malware detection framework that uses permissions and API calls to distinguish benign from malicious apps. | Explore additional machine learning models and feature selection methods to further improve detection; apply MLDroid in real-world scenarios to detect both known and unknown malware families efficiently. |
| | Opcodes, API features and permissions | 98% | DNN | An Android malware detection framework that combines multiple static features with a multimodal deep learning approach to improve detection accuracy. | Explore integrating dynamic features with the existing static feature-based framework; adopt the proposed multimodal deep learning approach, which effectively improves the accuracy of Android malware detection. |
| | API calls, permissions, intents | 93.4% | Deep ANN | DeepAMD, a novel approach for detecting and identifying Android malware that outperforms existing methods by improving detection accuracy on both the static and dynamic layers. | Develop an online service that lets users check whether an application is benign or malicious before downloading it; use DeepAMD for effective and accurate detection and identification of Android malware, given its superior performance over existing techniques. |
| | Permissions | 99.97% | MLP, KNN, Random Forest | Evaluates 49 malware families on extensive datasets and demonstrates the effectiveness of machine learning classifiers for mobile malware detection. | Explore dynamic analysis techniques and broader datasets to improve detection accuracy; integrate anomaly-based intrusion detection systems with machine learning classifiers for stronger mobile malware detection. |
| | Runtime network-behavioral features | 98.6–99.1% | CNN, LSTM | A collaborative threat intelligence framework for IoT that uses a blockchain for secure sharing of threat data among devices and applies machine learning models (CNN and LSTM among others) to the shared behavioral data, improving detection across many devices. It shows that decentralized ledger technology combined with collective intelligence increases malware and attack detection in IoT significantly over single-device solutions. | Implement the framework in real heterogeneous IoT networks (not only on the dataset) to validate its scalability and robustness; investigate privacy-preserving sharing mechanisms, advanced ML models for evolving threats, and lightweight deployment suited to power-constrained IoT devices. |
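The Sec-SVM row above only states that the classifier is made "resilient against evasion attacks". The mechanism behind that resilience, which the table does not spell out, is a bound on the magnitude of each feature weight: a linear detector over binary features (permission present, API called, intent declared) can be evaded by adding a single benign feature if that feature carries a large negative weight, whereas evenly bounded weights force the attacker to add many features. The script below is an added illustration written for this page; it is not code from the Sec-SVM paper or from the surveyed framework, the weights and feature names are constructed, and post-hoc clipping of a trained weight vector stands in for the training-time constraint that Sec-SVM actually uses. It computes the minimum number of add-only feature changes needed to flip a malware sample to benign under both weight vectors.

```python
"""Evasion cost of a linear Android malware detector: free vs bounded weights.

Added illustration, not code from any paper in the table. The detector scores a
set of binary features (permissions, API calls, intents present in the APK) as
    s = sum(w[f] for f in sample) + b
and flags malware when s > 0. The attacker model is add-only: extra permissions
or benign API calls can be injected, but the malicious payload features stay.
All weights and feature names below are constructed for the example.
"""
from typing import Dict, List, Set, Tuple

# Constructed "trained" weights: one benign feature dominates with -5.0, which is
# exactly the shape of model that a single feature addition can evade.
W_FREE: Dict[str, float] = {
    "SEND_SMS": 2.0,
    "READ_SMS": 1.5,
    "getDeviceId": 1.0,
    "ACCESS_NETWORK_STATE": -5.0,
    "VIBRATE": -0.8,
    "Log.d": -0.6,
    "INTERNET": -0.5,
}
BIAS: float = -1.0

# Constructed malware sample: SMS-stealing behaviour, no benign decoration.
MALWARE_SAMPLE: Set[str] = {"SEND_SMS", "READ_SMS", "getDeviceId"}


def score(w: Dict[str, float], b: float, sample: Set[str]) -> float:
    """Linear decision score; > 0 means 'malware'."""
    return sum(w.get(f, 0.0) for f in sample) + b


def bound_weights(w: Dict[str, float], cap: float) -> Dict[str, float]:
    """Clip every weight to [-cap, cap].

    Simplification: Sec-SVM imposes the bound as a constraint while training,
    which keeps accuracy; clipping afterwards is only used here to show the
    effect of bounded weights on evasion cost.
    """
    return {f: max(-cap, min(cap, v)) for f, v in w.items()}


def min_additions_to_evade(
    w: Dict[str, float], b: float, sample: Set[str]
) -> Tuple[int, List[str]]:
    """Minimum number of features an add-only attacker must inject to get s <= 0.

    Greedy choice (most negative absent weight first) is optimal for a linear
    model, since each step lowers the score by the largest available amount.
    Returns (-1, partial_list) when additions alone cannot flip the verdict.
    """
    s = score(w, b, sample)
    added: List[str] = []
    candidates = sorted(
        (f for f, v in w.items() if f not in sample and v < 0), key=lambda f: w[f]
    )
    for f in candidates:
        if s <= 0:
            break
        s += w[f]
        added.append(f)
    return (len(added), added) if s <= 0 else (-1, added)


def compare(cap: float = 1.0) -> Dict[str, int]:
    """Evasion cost of the constructed sample against free and bounded weights."""
    free_cost, _ = min_additions_to_evade(W_FREE, BIAS, MALWARE_SAMPLE)
    bounded_cost, _ = min_additions_to_evade(
        bound_weights(W_FREE, cap), BIAS, MALWARE_SAMPLE
    )
    return {"free": free_cost, "bounded": bounded_cost}


if __name__ == "__main__":
    print("malware score (free weights):", score(W_FREE, BIAS, MALWARE_SAMPLE))
    print("evasion cost:", compare(cap=1.0))
```

With the constructed weights the free model is evaded by adding the single feature ACCESS_NETWORK_STATE, while the model with |w| capped at 1.0 needs three additions; the flip side, visible if the cap is pushed much lower, is that the bound also shrinks the malicious weights and the sample stops being detected at all, which is why the bound has to be chosen during training against held-out accuracy rather than applied blindly afterwards.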