|
Title | Target | Pros | Cons | Dataset | Performance |
|
Drebin [2] | On-device malware detection using code and manifest permissions | On-device; Explainability; | Obfuscation; Accuracy for imbalanced | 123, 453 | Accuracy: 0.94 |
Yerima et al. [3] | Bayesian analysis over permissions and other code features for zero-day analysis | Simple model; High accuracy | Small sample set; Code inspection | 1, 000 | Accuracy: 0.93 |
Sahs et al. [4] | Use of SVM over permissions and control flow graphs for malware detection | Anomaly detection- based approach | Unbalanced results; Offline system | - | F1-score: 0.25 |
Peiravian et al. [5] | Tree and SVM Classifiers over permissions and API Calls | High accuracy; robust modelling | Code analysis; Unknown processing times; API calls can be benign | 3, 000 | F1-score: 0.95 |
AndroDialysis [6] | Analysis of application intents and permissions as features for machine learning | High accuracy; On-device | Code analysis; Unbalanced dataset | 7, 406 | Accuracy: 0.955 |
Yerima et al. [7] | Ensemble learning over app code and API calls | High accuracy; Feature Selection not needed | Code analysis; Large-feature model | 6, 863 | Accuracy: 0.97 |
PUMA [8] | Permission Analysis | Simple approach; Robust modelling | Tiny dataset; Narrow feature set | 239 | AUC: 0.92 |
Ham et al. [9] | Classifier using app’s runtime parameters | predictive features; High F1-score | Code analysis; Unknown processing times | 14, 794 | F1-score: 0.99 |
Karim et al. [10] | User profile single feature classification | Compact model; low False Positive rate; | Complex feature extraction; User profiles can be fooled | 4, 117 | False Positive Rate: 2.1 |
DroidChain [11] | Behaviour chain detection of malware | Zero-day support; Behaviour detection | Code analysis; Restricted to 4 malware models | 1, 260 | F1-score: 0.8 |
Andromaly [12] | Application monitoring and anomaly detection | distributed service; On-device | Monitoring impact on device; Lack of Ground truth; May require device rooting | 20 | AUC: 0.8-0.99 |
RiskRanker [13] | Zero-day malware detection through automated code analysis | Large Dataset; Multi-stage; Risk assessment | Code analysis; Limited support of behaviours; Signature dependent | 118, 318 | Number of Detections: 718 |
DroidAPIMiner [14] | KNN classifiers over bytecode semantic information | Fast solution; Family-aware system | Code analysis; API calls can be benign; Static Whitelisting | 20,000 | Accuracy: 0.99 |
Massvet [15] | Application code differential analysis to spot clones by comparing with market | Very Large dataset; Scalable; Pairwise app comparison | Vulnerable to code changes; Code analysis | 1, 2M | Number of Detections: 127, 429 |
|