|
| Ref. | Description: method and features used to train and evaluate model | DL algorithm used | Library/framework used | Platform | Dataset used | Accuracy/F1 score |
|
| [26] | Malware classification by extracting static features and converting to gray images | CNN | Not stated | Windows | Kaggle by Microsoft | 98.86% |
|
| [27] | Malware classification by converting malware binary file to gray image through code mapping, texture partitioning, and texture extraction | CNN | Not stated | Windows | BIG 2015 | 99% |
|
| [28] | Malware classification by extracting series of system calls having malicious behavior | Not stated | Not stated | Windows | Self-generated | 95.6% |
|
| [29] | Malware detection and classification by using the op-code and API calls data of malware and benign-ware | CNN, BPNN | Not stated | Windows | Self-generated | 95% |
|
| [30] | Multilevel deep learning system for malware detection using different static and dynamic features | Proposed MLDLS | Not stated | Windows | Self-generated | Not stated |
|
| [31] | Ransomware detection system based on n-gram op-code with deep learning | CNN | Keras, TensorFlow | Windows | Self-generated | 89.5% |
|
| [32] | Malware detection by transforming PE file to op-code sequences and representing the op-code as n-gram vector | DBN | Not stated | Windows | Self-generated | About 98% |
|
| [33] | Malware detection by visualizing the malware binary file as gray image | CNN | MatConvNet in MATLAB | Windows | Self-generated | — |
|
| [34] | Malware detection using API calls of Windows’ executable files | DAE, RBM | Not stated | Windows | Comodo Cloud Security Center’s dataset | Around 98% |
|
| [35] | Malware detection based on API calls sequence and statistical features | LSTM, RNN | TensorFlow | Windows | Self-generated | 95.7% |
|
| [36] | Identifying executable files as malware or benign using static and dynamic analysis and categorizing the malware to the corresponding family | CNN, LSTM | TensorFlow, Keras | Windows | Malimg, EMBER, self-generated | 98.8% |
|
| [37] | Hybrid image-based technique for malware detection by converting malware binaries to gray images | CNN, LSTM | TensorFlow, Keras | Windows | BIG 2015 | 96–97% |
|
| [38] | Malware detection by extracting API call sequences of malware using dynamic analysis and generating feature images | CNN | Not stated | Windows | VirusShare dataset | About 99% |
|
| [39] | Predicting malicious behavior of executable program based on small amount of behavioral data within the first few seconds of execution | RNN | Keras, scikit-learn | Windows | Self-generated | 96% |
|
| [40] | DLMD: malware detection technique based on static features using byte and ASM files | CNN | PyTorch | Windows | BIG 2015 | 97.5% |
|
| [41] | Malware detection extracting control flow graph of the sample by lazy binding and transforming it into an image | CNN | Not stated | Windows | MALICIA, VirusShare, VXHeaven | 92%–97.7% |
|
| [42] | Deep learning system with two hidden layers for malware detection using dependency of malware sequence and avoiding back-propagation | TELM | Not stated | Windows | Kaggle, VXHeaven | Above 99% |
|
| [43] | Malware classification by transforming malware binary file to grayscale images | CNN, LSTM | TensorFlow, Keras | Windows | BIG 2015 | 98.2% |
|
| [44] | Zero-day malware detection by generating fake malware and learning to distinguish it from the real malware | DAE, DCGAN | Keras | Windows | Kaggle | About 99% |
|
| [45] | Malware detection by visualizing the malware as grayscale image | CNN | TensorFlow | Windows | Malimg, Microsoft dataset | 99.97% |
|
| [46] | Detecting threats in the cloud-assisted Internet of things by extracting API calls data from malware | DBN | Not stated | Windows | VXHeaven | Up to 99.78% |
|
| [47] | Malware classification by visualizing the malware as grayscale image | CNN | Not stated | Windows | Malimg, BIG 2015 | 97.5% |
|
| [48] | Malware variants detection by visualizing malware samples as grayscale images | CNN | Caffe NN framework | Windows | Dataset by Vision Research Lab | 94.5% |
|
| [49] | Malware detection by converting malware executable to grayscale image and using NSGA-II algorithm to deal with data imbalance | CNN | TensorFlow | Windows | Dataset by Vision Research Lab | 97.6% |
|
| [50] | Malware detection by visualizing the malware sample as a grayscale image | Deep transfer learning | Not stated | Windows | Not stated | 99.25% |
|
| [51] | Malware detection by using static analysis to extract features of the malware samples | LSTM | Keras, TensorFlow | Windows | Self-generated dataset named MC-dataset-multiclass | 90.63% |
|
| [52] | Malware detection by visualizing the malware sample as a grayscale image | CNN | TensorFlow | Windows | Malimg | 80.5% |
|
| [53] | Malware detection by extracting features, like file activity, registry activity, service activity, processes, runtime DLLs and network activities, etc., and applying big data analytics techniques | Not stated | Keras | Windows | Self-generated | 97% |
|
| [54] | Malware classification by converting malware binaries to Markov images | CNN | Keras, TensorFlow | Windows | Microsoft dataset, Drebin dataset | 97.3% for Drebin, 99.3% for Microsoft |
|
| [55] | A comparative study of CNN and ELM-based detection systems using malware represented as grayscale images | CNN | Keras | Windows | Malimg | 96.3% for CNN, 97.7% for ELM |
|
| [56] | Metamorphic malware detection using API calls made on the operating system | LSTM | Keras | Windows | Self-generated API sequence dataset | Up to 98.5% |
|
| [57] | Malware detection by extracting features of PE files, including import functions feature, general information feature, and bytes entropy feature | Not stated | Not stated | Windows | Self-generated | AUC up to 0.989 |
|
| [58] | Cryptomining malware detection by static and dynamic analysis of the op-code sequences of PE files | CNN, LSTM, ATT-LSTM | Not stated | Windows | Self-generated | 97% on average |
|
| [59] | Malware classification using malware samples represented as grayscale images | CNN | Keras, TensorFlow | Windows | Malimg | 99.72% |
|
| [60] | Malware classification by extracting features including API calls, sequence of assembly language instructions, and malware’s binary contents | CNN | TensorFlow | Windows | Kaggle | 99.7% |
|
| [61] | Image-based malware classification system using an ensemble of CNN | CNN | TensorFlow, Keras, scikit-learn | Windows | Malimg | 99.5% |
|
| [62] | Malware detection by black-and-white embedding of malware images rather than grayscale to avoid bit loss in byte | CNN | Keras, TensorFlow | Windows | KISA dataset | 92.8% |
|
| [63] | Malware classification by generating a low-dimensional vector and using op-codes and API function calls to train model | Bi-LSTM | Not stated | Windows | Microsoft dataset | 96.8% |
|
| [64] | Malware detection by extracting the API calls sequence and generating the API pixel vector and finally visualizing the malware | CNN | Not stated | Windows | Self-generated | 94.7% |
|
