| Ref. | Description: method and features used to train and evaluate model | DL algorithm used | Library/framework used | Targeted platform | Dataset used | Accuracy/F1 score |
|---|---|---|---|---|---|---|
| [120] | Visualizing malware binaries as two-dimensional images and feeding them to a classifier that uses a reweighted class-balanced loss function | Densely connected CNN with ReLU | Keras | Windows | Malimg, BIG 2015, MaleVis | 98.46% |
| [121] | Two-stage hybrid malware detection: extracting opcodes by static analysis, then performing dynamic analysis to classify benign files | Bi-LSTM, CNN | Not stated | IoT | KISA 2019 | Up to 95% |
| [122] | Malware detection by representing the application as an image: extracting the dex file and grouping the sequence of bytes into grayscale pixels | CNN | CUDA, TensorFlow | Android | Argus Cyber Security Lab | 97% |
| [123] | Malware detection using a text classification method, using the text sequence of app analysis and exploring information | CNN | Keras | Android | Various datasets | 96.6% |
| [124] | Malware detection using dynamic analysis: generating dynamic analysis logs for an APK and transforming the features into a feature vector | CNN with leaky ReLU | Not stated | Android | Self-generated | 98% |
| [64] | Malware detection by visualizing malware as RGB color images using static, dynamic, and hybrid analysis | CNN (VGG16) | Not stated | Windows | Dataset by VirusSign | 94.7% |
| [125] | Detection of Java bytecode malware using static analysis of the Java program and extracting the interprocedural control flow graph from the bytecode file | CNN | Not stated | Platforms capable of running Java programs | Self-generated | 98.4% |
| [126] | Analysis of the behavior of malicious programs based on API call graphs; detection is based on analyzed patterns of the API calls | CNN (used only for discovering common features) | Not stated | Android | Apps from Play Store and VirusShare | 93.2% |
| [127] | Classification and detection of malware using executable and linkable format (ELF) binary files, making use of static, dynamic, and hybrid analysis | Bi-GRU-CNN | Keras, TensorFlow, scikit-learn | IoT | Collected from various sources | 98% (detect), 100% (classify) |
| [128] | Malware classification by converting the bytecode of the malware's methods into a grayscale feature image and analyzing its feasibility based on the reconstruction error of an AE | AE based on CNN | TensorFlow | Android | Apps from Play Store and VirusShare | 96.2% |
| [129] | Distributed deep learning-based model for malware detection using both static and dynamic analysis | CNN-BiLSTM | Not stated | Windows | Apps from various sources | 97% |
| [130] | Using DL and model checking to detect malware by converting source code to the format of the model checker, using both static and dynamic analysis | CNN | PyTorch | IoT | Not stated | 95% |
| [131] | Malware detection using static analysis, emphasizing feature extraction from PE files | Not stated | Keras | Windows | EMBER | 97.5% |