Table 3 A side-by-side comparison of the reviewed signature-based articles
From: A state-of-the-art survey of malware detection approaches using data mining techniques
Method | Main idea | Advantages | Disadvantages | Target environment |
|---|---|---|---|---|
PMD | Polymorphic Malware Detection (PMD) [25] | Low cost High accuracy | Increasing total feature selection | Windows-based |
SigPID | Significant permission identification android malware detection (SigPID) [19] | Low cost High accuracy | Low scanning | Smartphone |
OpCode | Graph malware detection [3] | Low complexity Low cost | Low timely High robustness | Embedded systems |
Droid | Droid malware detection [11] | Fast feature selection | High complexity | Smartphone |
APMD | API malware detection (APMD) [23] | Low monitoring overhead High accuracy | High cost | Windows-based |
SVDD | N-grams malware detection [20] | High detection accuracy | Did not analyzing feature selection | Windows-based |
SMD | Smartphone malware detection (SMD) [29] | Combining static malware analysis and dynamic malware analysis Presenting novel the clone and the mutation mechanism | Did not comparing with other classification approaches Low accuracy | Smartphone |
SAAM | Symbolic aggregate approximation for malwares (SAAM) [30] | Best packet classification High accuracy Presenting a data transformation method to reduce the space complexity | Did not examine the multiple packing algorithms. | Windows-based |
SOMM | Service-Oriented mobile malware detection (SoMM) [31] | High detection accuracy High scaling | High traffic Did not analyzing behavior of malwares | Smartphone |
SPM | Sequential pattern mining (SMP) [32] | High accuracy Low overhead | Did not analyzing feature selection | Windows-based |
FPM | Frequent pattern mining (FPM) [33] | Presenting automatic train approach | Not analysis discriminative frequent behavior patterns High overhead | Windows-based |
MOED | Multi-objective evolutionary detection (MOED) [34] | High speed detection High accuracy Low overhead | Using traditional detection engines | Smartphone |
Opcode | Opcode sequences [35] | Prefect detection ratio of unknown malware | Did not analyze instance selection | Smartphone |
MobA | Mobile android [24] | Good attribute selection Low overhead | High complexity Did not analysis countermeasures | Smartphone |
SHMD | Signature and Heuristic-based malware detection [36] | Low overhead Best binary feature selection | High time complexity High cost | Smartphone |
MKLDroid | A multi-view context-aware approach to Android malware detection [15] | High efficiency Run time detection | High complexity Did not analyzing feature selection | Smartphone |
DBScan | Hybrid pattern based text mining approach [17] | Low overhead | High time Low scalability | Windows-based |
DroidNative | Android malware detector with control flow patterns [37] | Low time High efficiency | Low scalability High cost | Smartphone |
BAM | Hybrid malware detection with binary associative memory [13] | High efficiency | High complexity | Windows-based |