|
| Ref. | Description: method and features used to train and evaluate model | DL algorithm used | Automatic DL algorithm selection (yes/no) | Ability of identifying new malware? (yes/no) | Features engineering method (static/dynamic/hybrid analysis) | DL model needs updating? (yes/no) | Sustainability/resilience against evolution? (yes/no) | Library/framework used | Platform | Dataset used | Accuracy/F1 score |
|
| [65] | Malware detection using neural networks and k-means clustering | Not stated | No | No | Static analysis | Yes | No | Not stated | Android | Self-generated | 88.0% |
|
| [66] | Malware detection based on API method calls sequence mining | CNN | No | No | Static analysis | Yes | No | TensorFlow | Android | Malgenome, Drebin, MalDozer | About 99% |
|
| [67] | Malware detection by analyzing the permission wanted by app | Deep eigenspace learning | No | No | Static analysis | Yes | No | Not stated | Android | Self-generated | Not stated |
|
| [68] | Malware detection by extracting and analyzing several features | Multimodal neural networks | No | No | Static analysis | Yes | No | Keras, TensorFlow, scikit-learn | Android | VirusShare, malgenome | 94 – 98% |
|
| [69] | Dynamic malware detection system based on CPU, memory, and battery usage | LSTM RNN, encoder-decoder | No | No | Static analysis | Yes | No | Not stated | Android | M0Droid | About 80% |
|
| [70] | Malware detection by associating the features from static analysis with the features from dynamic analysis | DBN | No | No | Hybrid analysis | Yes | No | Not stated | Android | Self-generated, malgenome | 96.76% |
|
| [71] | Malware detection using several static and dynamic features | DBN | No | No | Hybrid analysis | Yes | No | Not stated | Android | Self-generated | 96.5% |
|
| [72] | Malware detection by using the importance of words from the apk file of applications | CNN | No | No | Static + renaming variables and prioritizing | Yes | No | Not stated | Android | Self-generated | 92.67% |
|
| [73] | Malware detection by extracting several features for model training | CNN | No | No | Static analysis for static features | Yes | No | Keras | Android | Self-generated | 99.25% |
|
| [74] | Malware detection using seven different features of android applications | DAE, CNN | No | No | Static analysis for 7 categories of static features | Yes | No | Keras, TensorFlow, scikit-learn | Android | Self-generated | 99.82% |
|
| [75] | ITMF, (image texture median filter) for analyzing and detecting malware on Derbin dataset | DBN | No | Potential of dynamic activity of malware | Static analysis | Yes | No | Keras, TensorFlow, scikit-learn | Android | Drebin | 95.43% |
|
| [76] | Malware detection using static analysis, dynamic analysis, and system calls | DBN | No | No | Hybrid analysis | Yes | No | Not stated | Android | Not stated | 99.1% |
|
| [77] | Malware detection by extracting the API calls graph of applications and generating graph embedding | CNN, RNN | No | No | Pseudodynamic analysis | Yes | No | Keras, TensorFlow | Android | AMD dataset, AndroZoo, Drebin, ISCX | 98.86% |
|
| [78] | Malware detection by examining all execution paths and detecting malicious and benign paths | LSTM RNN | No | No | Pseudodynamic analysis | Yes | No | TensorFlow, Keras, scikit-learn | Android | AndroZoo, | 91.42% |
|
| [79] | Malware detection using features extracted from manifest file and through static analysis and various deep learning methods | CNN, DBN, LSTM, DAE | No | No | Static analysis | Yes | No | TensorFlow, Keras, theano | Android | Drebin, VirusShare | Up to 93.6% |
|
| [80] | Malware detection by extracting features through dynamic analysis and generating Markov chains | RNN, CNN, LSTM | No | No | Dynamic analysis | Yes | No | TensorFlow, Keras, scikit-learn | Android | Drebin | Around 81% |
|
| [81] | Malware detection by extracting texture fingerprint features and mapping malicious code to grayscale image | DBN | No | No | Static analysis | Yes | No | Theano, GDBN, TensorFlow, Keras, scikit-learn | Android | Drebin | 95.9% |
|
| [82] | Malware detection by using various features, including hardware components, permissions, filtered intents, API calls, and network addresses | LSTM, CNN | No | No | Static analysis | Yes | No | Not stated | Android | Drebin | Up to 98.53% |
|
| [83] | Malware detection using LASSO feature shrinkage and selection technique and deep belief networks | DBN | No | No | Static analysis | Yes | No | Not stated | Android | DroidWare | 85.22% |
|
| [84] | Malware detection by generating API images from the sequence of API calls of applications | DAE | No | No | Dynamic analysis | Yes | No | Not stated | Android | Malgenome, contagio minidump | 98% |
|
| [85] | Malware detection by using features like permissions and API calls and generating a feature vector | DBN | No | No | Static analysis | Yes | No | TensorFlow | Android | Drebin, VirusTotal, contagio, self-generated | 99.04% |
|
| [86] | Malware detection by extracting byte code from the.dex file of the android package | DAE, DBN, RNN, LSTM, BiLSTM, | No | No | Static analysis | Yes | No | Keras, theano | Android | Drebin, AMD, VirusShare | Up to 99.9% |
|
| [87] | Malware detection by extracting features like API calls, events and permissions by dynamic analysis | Not stated | No | No | Dynamic analysis | Yes | No | Not stated | Android | Self-generated | 98.5% |
|
| [88] | Malware detection by converting static features like permissions API calls and components into a set of semantic features | GCN | No | No | Static analysis | Yes | No | Not stated | Android | Drebin, AMD, lab-built, AndroZoo, PRAGuard | Up to 99.7% |
|
| [89] | Hybrid deep learning for android malware detection using various static and dynamic feature of the application | DBN | No | No | Hybrid analysis | Yes | No | TensorFlow, Keras | Android | Self-generated | 96.8% |
|
| [90] | Malware detection by using dataset comprising of intent features and permission features extracted from benign and malicious applications | Not stated | No | No | Hybrid analysis | Yes | No | Not stated | Android | Omnidroid | 91% |
|
| [91] | Malware detection by converting the application binary to gray-scale image | Not stated | No | No | Static analysis | Yes | No | Not stated | Android, iOS | AMD, self-generated | 96.6% for Android, 95.8% for iOS |
|
| [92] | Malware detection by extracting byte code of the application and generating embedding | LSTM | No | No | Hybrid analysis | Yes | No | Not stated | Android, IoT | Self-generated | 98% for Android, 99% for IoT malware |
|
| [93] | Malware detection by extracting 11 static behavioral features and transforming them to a multidimensional vector | DBN | No | No | Static analysis | Yes | No | TensorFlow | Android | Self-generated, Drebin, etc. | Up to 99.5% |
|
| [94] | Malware detection by extracting API sequence and the methods from the DEX file of the application and generating the hot vector of the API sequence | Bi-LSTM | No | No | Static analysis | Yes | No | Not stated | Android | AMD | 97.2% |
|
| [95] | Malware detection in the IoT devices by reading the DEX file of the application as an unsigned vector and converting it to a fixed size by image resampling technique | CNN, RNN, GRU, LSTM, Bi-LSTM | No | No | Static analysis | Yes | No | Keras | Android IoT devices | Self-generated | Up to 95.8% |
|
| [96] | Malware detection by generating the function call graph from the DEX file of the application and the op-code-level FCG features | LSTM | No | No | Static analysis | Yes | No | Keras, TensorFlow | Android | Self-generated | 97% |
|
| [97] | Malware detection by extracting and vectorizing the manifest features and API calls from the binary file of the app | CNN, GRU, LSTM | No | No | Static analysis | Yes | No | Keras, TensorFlow | Android | Drebin, genome, contagio, pwnzen, VirusShare | 96.8% |
|
| [98] | Malware detection by extracting features like permissions, system events, APIs and data flow from the manifest, DEX and layout xml files | MLP | No | No | Static analysis | Yes | No | TensorFlow | Android | Self-generated | 94.9% |
|
| [99] | Malware detection by extracting static features (permissions) from the manifest file and then generating feature vector | CNN, DAE | No | No | Static analysis | Yes | No | Keras, TensorFlow | Android | CIC and Mal2017, self-generated | 98.2% |
|
