Abstract
Objective: This paper provides the basics of Android malware, its evolution and tools and techniques for malware analysis. Its main aim is to present a review of the literature on Android malware detection using machine learning and deep learning and identify the research gaps. It provides the insights obtained through literature and future research directions which could help researchers to come up with robust and accurate techniques for the classification of Android malware.
Methods: This paper provides a review of the basics of Android malware, its evolution timeline and detection techniques. It includes the tools and techniques for analyzing the Android malware statically and dynamically for extracting features and finally classifying these using machine learning and deep learning algorithms.
Results: The number of Android users is increasing at an exponential rate due to the popularity of Android devices. As a result, there are more risks to Android users due to the exponential growth of Android malware. On-going research aims to overcome the constraints of earlier approaches for malware detection. As the evolving malware is complex and sophisticated, earlier approaches like signature-based and machine learning-based approaches are not able to identify it timely and accurately. The findings from the review show various limitations of earlier techniques, i.e. requirement of more detection time, high false-positive and false-negative rates, low accuracy in detecting sophisticated malware and less flexibility.
Conclusion: This paper provides a systematic and comprehensive review on the tools and techniques being employed for analysis, classification and identification of Android malicious applications. It includes the timeline of Android malware evolution, tools and techniques for analyzing these statically and dynamically for the purpose of extracting features and finally using these features for their detection and classification using machine learning and deep learning algorithms. On the basis of the detailed literature review, various research gaps are listed. The paper also provides future research directions and insights that could help researchers to come up with innovative and robust techniques for detecting and classifying Android malware.
Keywords: Android malware, dynamic malware analysis, static malware analysis, malware classification, machine learning, deep learning.
Graphical Abstract
[http://dx.doi.org/10.1109/ISED.2016.7977076]
[http://dx.doi.org/10.1145/3017427]
[http://dx.doi.org/10.1201/b17598]
[http://dx.doi.org/10.1109/ICTAI.2013.53]
[http://dx.doi.org/10.1109/IMIS.2013.111]
[http://dx.doi.org/10.14429/dsj.66.10803]
[http://dx.doi.org/10.1007/s10586-017-0981-6]
[http://dx.doi.org/10.1109/TR.2017.2778147]
[http://dx.doi.org/10.1145/3199478.3199492]
[http://dx.doi.org/10.1109/AsiaJCIS.2012.18]
[http://dx.doi.org/10.1109/TIFS.2013.2290431]
[http://dx.doi.org/10.1109/TCYB.2017.2777960] [PMID: 29993965]
[http://dx.doi.org/10.1049/iet-ifs.2013.0095]
[http://dx.doi.org/10.1145/2940343.2940348]
[http://dx.doi.org/10.1145/2491411.2491450]
[http://dx.doi.org/10.1109/CyberSecPODS.2017.8074847]
[http://dx.doi.org/10.1007/978-3-642-33704-8_21]
[http://dx.doi.org/10.1145/2619091]
[http://dx.doi.org/10.1155/2008/712353]
[http://dx.doi.org/10.1145/2523514.2523539]
[http://dx.doi.org/10.1109/TrustCom.2013.25]
[http://dx.doi.org/10.1145/2635868.2635869]
[http://dx.doi.org/10.1023/A:1007413511361]
[http://dx.doi.org/10.1023/A:1012431217818]
[http://dx.doi.org/10.1613/jair.105]
[http://dx.doi.org/10.1016/j.datak.2007.03.016]
[http://dx.doi.org/10.1016/j.datak.2006.01.013]
[http://dx.doi.org/10.1137/1.9781611972733.6]
[http://dx.doi.org/10.1109/TNN.1998.712192]
[http://dx.doi.org/10.1613/jair.594]
[http://dx.doi.org/10.1007/BF00058655]
[http://dx.doi.org/10.1109/NTMS.2016.7792435]
[http://dx.doi.org/10.1109/TII.2017.2789219]
[http://dx.doi.org/10.1016/j.future.2017.04.041]
[http://dx.doi.org/10.1109/TDSC.2014.2355839]
[http://dx.doi.org/10.1109/ICSC45622.2019.8938236]
[http://dx.doi.org/10.1007/978-981-13-9939-8_33]
[http://dx.doi.org/10.4018/IJNCR.2017070101]
[http://dx.doi.org/10.1109/ACCESS.2018.2844349]
[http://dx.doi.org/10.1145/3021460.3021485]
[http://dx.doi.org/10.1007/978-3-642-27503-6_22]
[http://dx.doi.org/10.4236/jis.2014.52006]
[http://dx.doi.org/10.1063/1.4992953]
[http://dx.doi.org/10.1145/3241539.3267768]
[http://dx.doi.org/10.1109/COMPSAC.2015.103]
[http://dx.doi.org/10.1145/2480362.2480701]
[http://dx.doi.org/10.1109/MALWARE.2010.5665792]
[http://dx.doi.org/10.1109/ICMLC.2014.7009096]
[http://dx.doi.org/10.1145/3041008.3041010]
[http://dx.doi.org/10.1145/2799979.2800003]
[http://dx.doi.org/10.1016/j.neunet.2014.09.003] [PMID: 25462637]
[http://dx.doi.org/10.1007/s13244-018-0639-9] [PMID: 29934920]
[http://dx.doi.org/10.1016/S0925-2312(01)00706-8]
[http://dx.doi.org/10.1016/j.patrec.2014.01.008]
[http://dx.doi.org/10.1109/TIFS.2018.2866319]
[http://dx.doi.org/10.1109/CNS.2018.8433204]
[http://dx.doi.org/10.1145/3029806.3029823]
[http://dx.doi.org/10.35940/ijitee.L1189.10812S19]
[http://dx.doi.org/10.1109/WIW.2016.040]
[http://dx.doi.org/10.1109/INTELCCT.2017.8324010]
[http://dx.doi.org/10.1109/ISI.2017.8004891]
[http://dx.doi.org/10.1109/TST.2016.7399288]
[http://dx.doi.org/10.1109/ICCE.2018.8326293]
[http://dx.doi.org/10.3233/JIFS-169424]
[http://dx.doi.org/10.1109/ICSSA.2017.18]
[http://dx.doi.org/10.1007/978-3-319-47121-1_5]
[http://dx.doi.org/10.1016/j.procs.2017.08.216]
[http://dx.doi.org/10.1145/2740070.2631434]
[http://dx.doi.org/10.1145/3264746.3264780]
[http://dx.doi.org/10.1016/j.diin.2018.01.007]
[http://dx.doi.org/10.1109/CCST.2018.8585560]
[http://dx.doi.org/10.1155/2017/4956386]
[http://dx.doi.org/10.2174/1872212111666170531115707]
[http://dx.doi.org/10.1080/01969722.2018.1429835]
[http://dx.doi.org/10.1177/0165551518789880]