Table 5 A comparison of the reviewed behavior-based articles

From: A state-of-the-art survey of malware detection approaches using data mining techniques

| Method | Main idea | Advantages | Disadvantages | Target environment |
|---|---|---|---|---|
| DeepAM | Deep learning malware detection [9] | Solving the encrypted problem in malware detection; Higher accuracy | High cost; High timely | Embedded systems |
| QDFG | Graph mining in malware detection [21] | Reducing response time | High complexity; High cost | Smartphone |
| DMDAM | Android malware detection [6] | Reducing concepts for increasing feature selection; High accuracy | High complexity; Run-time overhead | Smartphone |
| AMP | Android malware detection [22] | High accuracy | High cost | Smartphone |
| AMD | Android malware detection [38] | Higher accuracy than the other neuro-fuzzy approaches; Minimum false positive and false negative | Did not consider dynamic analysis of Android apps; Run-time overhead | Smartphone |
| AMAL | AMAL: automated malware analysis [39] | Providing high levels of precision, recall, and accuracy; Low cost | IP reputation; High overhead | Smartphone |
| AMCS | Android Malware Characterization and Detection [40] | Conducting static and dynamic analyses to extract features from each application; Deploying online testing for Droid-detector | High cost; High overhead on API calls | Smartphone |
| DPIM | Deep Packet Inspection for malware [41] | High classification accuracy; Independence from packet payloads; Decoupling between detection and attribution | Dataset overfitting; High complexity | Windows-based |
| OOM | Objective Oriented malware [42] | Adapting multiple association rules; Improving the running speed of classification | High complexity; High cost; Not analyzing unmatched files | Windows-based |
| HAM | Hybrid analysis malware [43] | Low execution overhead; High accuracy time | High time consumption | Windows-based |
| BBA | Bilayer behavior abstraction [44] | Low overhead | Did not analyze feature selection | Windows-based |
| Mspec | Malware specifications [45] | Good normalizing features; Low execution time | Did not analyze the accuracy conditions; High complexity | Windows-based |
| SyCM | System-call malware [46] | High accuracy; High dependency analysis for calls | High time consumption | Smartphone |
| ABM | Android based malware [47] | Using multi-feature attributes; High scalability | High complexity; High execution time | Smartphone |
| DBM | Behavioral malware [48] | Extracting XML to feature files; High scalability | High complexity | Windows-based |
| MAPI | Malicious code based on API [49] | Adding additional heuristic occupations to show more actions; High accuracy rates | Not suitable for samples of external events; Existence analysis | Windows-based |
| CloudIntell | Feature extraction method in cloud [18] | Lowest energy consumption; High scalability | High complexity; High response time | Windows-based |
| SDMS | Security dependency network for malware detection [50] | Low response time; High accuracy | High energy; High complexity | Windows-based |
| DFAMD | Data flow android malware detection [51] | High efficiency; Low overhead; Low time | High complexity; High dependency | Smartphone |
| SCCMD | So-called compression-based malware detection [21] | High efficiency; Low complexity | High response time | Windows-based |
| DeepFlow | Deep-learning malware detection [52] | | | Smartphone |