Table 3 A comparison of related work based on hybrid analysis techniques.
From: Efficient feature ranked hybrid framework for android Iot malware detection
| Ref. | Feature | Accuracy | ML techniques | Contribution | Recommendations |
|---|---|---|---|---|---|
| | Static features: application permissions, code structures, API calls, and network addresses. Dynamic features: runtime behaviors, system calls, network traffic data, and memory utilization. | 99.73% | Random Forest (RF), Support Vector Machine (SVM), Decision Tree (DT), and Convolutional Neural Network (CNN) | Developed a BIR-CNN (Batch-normalized Inception-Residual CNN) model for Android malware classification, integrating inception-residual network modules with batch normalization to improve learning and reduce overfitting; proposed a 347-dimensional network traffic feature extraction method that improves feature comprehensiveness and model accuracy. | Extend the BIR-CNN model to classify emerging Android software, separating benign from malicious applications and categorizing new malware families; explore new datasets with diverse static and dynamic features for broader validation, improving the model's generalizability across network traffic profiles. |
| | Static features: MAC addresses for device authentication and encryption keys. Dynamic features: real-time data from wearable devices for predictive modeling and anomaly detection. | 99.99% | Neural networks | Proposed a lightweight hybrid mutual authentication framework using AES-128 encryption and MAC for secure communication in IoMT; enables Big Data analytics and predictive modeling for early detection of health anomalies and improved patient outcomes. | Strengthen the authentication process with multi-factor techniques; integrate advanced AI methods such as deep learning and large language models to improve predictive accuracy and adaptability. |
| | Static features: permissions, code structures, API calls, and byte sequences from executable files. Dynamic features: behavioral patterns such as network operations, calls, and encryption activities. | 98.50% | Deep CNN (SB-BR-STM) with ensemble classifiers such as SVM, MLP, and AdaBoostM1 | Proposed a Deep Squeezed-Boosted and Ensemble Learning (DSBEL) framework for IoT malware detection; developed the SB-BR-STM CNN to capture diverse and subtle malicious patterns; improved classification performance using boosted features and ensemble ML classifiers for better generalization. | Extend the framework to real-time IoT malware detection across online and Android platforms; evaluate its robustness against zero-day attacks and its applicability to smart homes, healthcare systems, and industrial control systems. |
| | Static features: pre-defined attack signatures such as specific packet patterns and behavioral thresholds (e.g., packet drops). Dynamic features: behavioral patterns of zero-day attacks identified through unsupervised learning with Generative Adversarial Networks (GANs). | 96% | GAN-based models | Proposed a trusted hybrid learning framework combining rule-based detection with GANs for robust zero-day attack detection; introduced a Stackelberg trust game to improve collaboration and trust between distributed security engines. | Expand the framework to more complex zero-day attacks by incorporating advanced machine learning models; test and adapt it for large-scale real-world edge computing environments to ensure scalability and reliability. |
| | Static features: permissions, API calls, application metadata, and network configuration. Dynamic features: runtime behaviors, system calls, memory usage, and network traffic patterns. | 99% | Random Forest, SVM | Proposed a hybrid malware detection framework integrating static and dynamic analyses for IoT and Android systems; highlighted vulnerabilities in IoT and Android architectures and recommended countermeasures for securing devices. | Extend the hybrid approach to emerging threats and zero-day vulnerabilities; adapt the framework to evolving IoT ecosystems, improving scalability and robustness. |
| | Static features: metrics derived from software properties, reduced in dimension with Particle Swarm Optimization (PSO). Dynamic features: behavioral data processed through a Multi-Layer Perceptron (MLP) for fault prediction. | High accuracy (no figure reported) | PSO, MLP | Proposed a hybrid fault prediction model combining PSO and MLP for IoT applications; introduced a formal verification framework using Labeled Transition Systems (LTS) and the Process Analysis Toolkit (PAT) to validate the model. | Explore meta-heuristic algorithms for hybrid fault prediction to improve performance; analyze additional functional properties such as completeness, soundness, and fairness for broader applicability. |
| | Network traffic data such as packet headers, protocol information, source and destination IP addresses, port details, and behaviors associated with attack types such as DoS, worms, and reconnaissance. | 96.98% | ANN, CNN, LSTM, and RNN | Developed the hybrid ACLR model for efficient botnet detection in IoT environments; demonstrated superior performance over state-of-the-art models using accuracy, precision, recall, F1-score, ROC-AUC, and PR-AUC. | Investigate reinforcement learning to automate training for improved adaptability; improve scalability and robustness for real-world deployment in diverse IoT ecosystems. |
| | Static features: electronic health records (EHR) such as blood pressure, sugar levels, and cholesterol levels. Dynamic features: real-time sensor data including heart rate, body temperature, oxygen saturation, and respiratory rate. | 99.45% | Autoencoder neural network, ALO | Proposed a hybrid cryptographic framework (ALO-DHT) combining Ant Lion Optimization, Diffie-Hellman, and Twofish for improved data security and privacy; validated it with accuracy, precision, recall, F1 score, and energy consumption, outperforming existing techniques. | Reduce computational overhead and improve scalability for resource-constrained edge AI networks; explore compression mechanisms and lightweight cryptographic algorithms for real-time applications. |
| | Static features: permissions and intents extracted from APK files, including SEND_SMS, RECEIVE_SMS, and ACCESS_NETWORK_STATE. Dynamic features: runtime behaviors such as system calls, data leaks, cryptographic usage, and network activity logs. | 97% | Random Forest (RF), Support Vector Machines (SVM), Naive Bayes (NB), and TPOT | Proposed two hybrid frameworks, HybriDroid (hierarchical static and dynamic analysis) and cHybriDroid (simultaneous static and dynamic analysis), for robust Android malware detection; demonstrated stronger detection, especially against zero-day threats, by combining static and dynamic features. | Incorporate additional dynamic features such as memory utilization and network statistics for broader coverage; extend the framework to classify malware into families and improve scalability for real-world use. |
| | Static features: predefined network traffic signatures and metadata from IoT devices. Dynamic features: real-time network traffic data, including packet behaviors during Mirai and BASHLITE botnet attacks. | 100% | CNN, LSTM | Developed a hybrid CNN-LSTM model for detection and classification of IoT botnet attacks; validated it on real-world datasets from four IoT-connected security cameras, reporting state-of-the-art performance. | Optimize the system for scalability and real-time operation in large-scale IoT networks. |
| | Static features: permissions, intents, opcodes, and API calls. Behavioral features: extracted from application execution logs. | 99% | CNN + LSTM + pseudo-labeling | Introduced a semi-supervised hybrid deep learning framework (CNN + LSTM) for detecting Android malware using both labeled and unlabeled data; combines static and limited dynamic features to improve detection accuracy and adaptability against unknown malware variants. | The framework needs to be broadened with real-time dynamic behavior observation and IoT-specific threat data to improve generalization; applying explainable AI techniques would likely improve model transparency and confidence in malware detection verdicts. |
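Most rows above fuse the same two feature families: static features read from the APK (permissions and intents in AndroidManifest.xml) and dynamic features counted from a sandbox run (system calls, network activity), which are then ranked before training. The block below is an added example written for this page; it is not code from the paper or from any of the cited works. It builds a hybrid feature vector from a constructed manifest and a constructed strace-style call log, then ranks every feature by information gain over a tiny constructed labelled set. The feature vocabularies, the `fake_manifest`/`fake_trace` helpers, the mean-threshold binarization and the four samples are all assumptions made for the demonstration, and the ranking method is a generic one, not the paper's.

```python
"""Hybrid (static + dynamic) feature extraction and information-gain ranking.
Added example: constructed inputs, assumed vocabularies; not the paper's code."""
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed feature vocabularies (a subset of those named in the table).
PERMISSIONS = ["android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
               "android.permission.ACCESS_NETWORK_STATE", "android.permission.INTERNET",
               "android.permission.READ_CONTACTS"]
INTENTS = ["android.intent.action.BOOT_COMPLETED",
           "android.provider.Telephony.SMS_RECEIVED"]
SYSCALLS = ["connect", "sendto", "open", "read", "write", "fork", "execve"]

# Matches strace output such as "[pid  4242] connect(3, {...}, 16) = 0".
SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(\w+)\(")


def static_features(manifest_xml: str) -> dict:
    """Binary presence of declared permissions and intent-filter actions."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    actions = {a.get(ANDROID_NS + "name") for a in root.iter("action")}
    feats = {f"perm:{p.rsplit('.', 1)[-1]}": int(p in perms) for p in PERMISSIONS}
    feats.update({f"intent:{a.rsplit('.', 1)[-1]}": int(a in actions) for a in INTENTS})
    return feats


def dynamic_features(trace: str) -> dict:
    """Count of each syscall of interest in a strace-style log."""
    counts = Counter()
    for line in trace.splitlines():
        m = SYSCALL_RE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return {f"sys:{s}": counts[s] for s in SYSCALLS}


def hybrid_vector(manifest_xml: str, trace: str) -> dict:
    vec = static_features(manifest_xml)
    vec.update(dynamic_features(trace))
    return vec


def entropy(labels) -> float:
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(values, labels) -> float:
    """IG of splitting on value > mean (assumed binarization for count features)."""
    thr = sum(values) / len(values)
    gain = entropy(labels)
    for side in (True, False):
        sub = [l for v, l in zip(values, labels) if (v > thr) == side]
        if sub:
            gain -= len(sub) / len(labels) * entropy(sub)
    return gain


def rank_features(samples, labels):
    """Features sorted by descending information gain, then by name."""
    names = list(samples[0].keys())
    gains = {n: information_gain([s[n] for s in samples], labels) for n in names}
    return sorted(gains.items(), key=lambda kv: (-kv[1], kv[0]))


def top_k(samples, labels, k: int):
    return [name for name, _ in rank_features(samples, labels)[:k]]


# ---- constructed inputs (not real apps or traces) ----
def fake_manifest(perms, actions) -> str:
    p = "".join(f'<uses-permission android:name="{x}"/>' for x in perms)
    a = "".join(f'<action android:name="{x}"/>' for x in actions)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.app">{p}<application><receiver><intent-filter>'
            f'{a}</intent-filter></receiver></application></manifest>')


def fake_trace(**calls) -> str:
    return "\n".join(f"[pid  4242] {name}(3, ...) = 0" for name, n in calls.items() for _ in range(n))


P, I = "android.permission.", "android.intent.action."
DATASET = [  # (manifest, trace, label) with label 1 = malicious, 0 = benign
    (fake_manifest([P + "SEND_SMS", P + "RECEIVE_SMS", P + "INTERNET"],
                   [I + "BOOT_COMPLETED", "android.provider.Telephony.SMS_RECEIVED"]),
     fake_trace(connect=3, sendto=5, open=2, read=4, write=2, fork=1, execve=1), 1),
    (fake_manifest([P + "SEND_SMS", P + "INTERNET", P + "READ_CONTACTS", P + "ACCESS_NETWORK_STATE"],
                   ["android.provider.Telephony.SMS_RECEIVED"]),
     fake_trace(connect=2, sendto=3, open=1, read=1, write=1), 1),
    (fake_manifest([P + "INTERNET", P + "ACCESS_NETWORK_STATE"], [I + "MAIN"]),
     fake_trace(connect=1, open=3, read=5, write=2), 0),
    (fake_manifest([P + "ACCESS_NETWORK_STATE"], [I + "MAIN"]),
     fake_trace(open=2, read=4, write=3), 0),
]
SAMPLES = [hybrid_vector(m, t) for m, t, _ in DATASET]
LABELS = [lab for _, _, lab in DATASET]

if __name__ == "__main__":
    for name, gain in rank_features(SAMPLES, LABELS):
        print(f"{name:28s} IG={gain:.3f}")
```

With four samples the ranking is only illustrative; on a tiny set almost any feature can reach perfect gain by chance, so in practice the ranking is computed on thousands of apps and validated on a held-out split. Two caveats a practitioner should keep in mind when reproducing the table's hybrid setups: a declared permission is not evidence that the code path using it ever runs, which is exactly why the dynamic column exists, and syscall counts depend on how long and how the sandbox drove the app, so traces must be collected under a fixed, documented stimulation policy for the counts to be comparable across samples.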