
Recent Patents on Engineering


ISSN (Print): 1872-2121
ISSN (Online): 2212-4047

General Review Article

Android Malware Detection Techniques: A Literature Review

Author(s): Meghna Dhalaria and Ekta Gandotra*

Volume 15, Issue 2, 2021

Published on: 10 July, 2020

Page: [225 - 245] Pages: 21

DOI: 10.2174/1872212114999200710143847



Objective: This paper provides the basics of Android malware, its evolution and tools and techniques for malware analysis. Its main aim is to present a review of the literature on Android malware detection using machine learning and deep learning and identify the research gaps. It provides the insights obtained through literature and future research directions which could help researchers to come up with robust and accurate techniques for the classification of Android malware.

Methods: This paper provides a review of the basics of Android malware, its evolution timeline and detection techniques. It includes the tools and techniques for analyzing the Android malware statically and dynamically for extracting features and finally classifying these using machine learning and deep learning algorithms.

Results: The number of Android users is increasing at an exponential rate due to the popularity of Android devices. As a result, there are more risks to Android users due to the exponential growth of Android malware. Ongoing research aims to overcome the constraints of earlier approaches for malware detection. As the evolving malware is complex and sophisticated, earlier approaches like signature-based and machine learning-based approaches are not able to identify it in a timely and accurate manner. The findings from the review show various limitations of earlier techniques, i.e. the need for more detection time, high false-positive and false-negative rates, low accuracy in detecting sophisticated malware and less flexibility.

Conclusion: This paper provides a systematic and comprehensive review of the tools and techniques being employed for analysis, classification and identification of Android malicious applications. It includes the timeline of Android malware evolution, the tools and techniques for analyzing malware statically and dynamically to extract features, and the use of these features for detection and classification with machine learning and deep learning algorithms. On the basis of the detailed literature review, various research gaps are listed. The paper also provides future research directions and insights that could help researchers to come up with innovative and robust techniques for detecting and classifying Android malware.

Keywords: Android malware, dynamic malware analysis, static malware analysis, malware classification, machine learning, deep learning.

