Table 5 A comparison of the reviewed behavior-based articles
From: A state-of-the-art survey of malware detection approaches using data mining techniques
Method | Main idea | Advantages | Disadvantages | Target environment |
|---|---|---|---|---|
DeepAM | Deep learning malware detection [9] | Solving the encrypted Problem in malware detection Higher accuracy | High cost High timely | Embedded systems |
QDFG | Graph mining in malware detection [21] | Reducing response time | High complexity High cost | Smartphone |
DMDAM | Android malware detection [6] | Reducing concepts for increasing feature selection High accuracy | High complexity Run-time overhead | Smartphone |
AMP | Android malware detection [22] | High accuracy | High cost | Smartphone |
AMD | Android malware detection [38] | Higher accuracy than the other neuro-fuzzy approaches Minimum false positive and false negative | Did not considering dynamic analysis of Android apps Run-time overhead | Smartphone |
AMAL | AMAL: automated malware analysis [39] | Providing high levels of precision, recall, and accuracy Low cost | IP reputation High overhead | Smartphone |
AMCS | Android Malware Characterization and Detection [40] | Conducting static and dynamic analyses to extract features from each applications Deploying online testing for Droid-detector | High cost High overhead on API calls | Smartphone |
DPIM | Deep Packet Inspection for malware [41] | High classification accuracy Independence from packet payloads Decoupling between detection and attribution | Datasets over fitting High complexity | Windows-based |
OOM | Objective Oriented malware [42] | Adapting multiple association rules Improve the running speed of classification | High complexity High cost Not analyzing unmatched files | Windows-based |
HAM | Hybrid analysis malware [43] | Low execution overhead High accuracy time | High time consumption | Windows-based |
BBA | Bilayer behavior abstraction [44] | Low overhead | Did not analyzing feature selection | Windows-based |
Mspec | Malware specifications [45] | Good normalizing features Low execution time | Did not analyzing the accuracy conditions High complexity | Windows-based |
SyCM | System-call malware [46] | High accuracy High dependency analysis for calls | High time consumption | Smartphone |
ABM | Android based malware [47] | Using multi-feature attributes High scalability | High complexity High execution time | Smartphone |
DBM | Behavioral malware [48] | Extracting XML to feature files High scalability | High complexity | Windows-based |
MAPI | Malicious code based on API [49] | Adding additional heuristic occupations to show more actions High accuracy rates | Not suitable for samples of external events Existence analysis | Windows-based |
CloudIntell | Feature extraction method in cloud [18] | Lowest energy consumption High scalability | High complexity High response time | Windows-based |
SDMS | Security dependency network for malware detection [50] | Low response time High accuracy | High energy High complexity | Windows-based |
DFAMD | Data flow android malware detection [51] | High efficiency Low overhead Low time | High complexity High dependency | Smartphone |
SCCMD | So-called compression-based malware detection [21] | High efficiency Low complexity | High response time | Windows-based |
DeepFlow | Deep-learning malware detection [52] | Smartphone |