Skip to main content

Table 6 A side-by-side comparison of the important factors in behavior-based detection of each article

From: A state-of-the-art survey of malware detection approaches using data mining techniques

Case study Classification approach Data analysis method Used dataset Total dataset Accuracy
Deep learning malware detection [9] DeepAM Dynamic Windows API calls in Comodo Cloud Security Center 2000 98
Graph mining in malware detection [21] Graph search Dynamic Windows sandbox malware 6994 96
Android malware detection [6] Random forest Dynamic Android applications 170 86
Android malware detection [22] Multilayer perceptron Dynamic Several websites 734 97
Android malware detection [38] Evolving neuro-fuzzy inference system Dynamic Google play and android
Malware genome Project
500 90
AMAL: automated malware analysis [39] Decision trees Dynamic Random sample from internal user and external customers such as antivirus companies 2086 98
Android malware characterization and detection [40] Deep belief networks Hybrid Google play and android
Malware genome project
1860 96.76
Deep Packet Inspection for malware [41] BoostedJ48, J48, Naïve Bayesian and SVM Dynamic Wireless and Secure Networks Research Lab 4560 99
Objective Oriented malware [42] Multiple association rules Hybrid Several websites 8000 97.2
Hybrid analysis malware [43] Bayesian network, Naive Bayes, Lazy K-Stare Hybrid Selected randomly from malware repository of APA, the security research laboratory at Shiraz University 3000 95.27
Bilayer behavior abstraction [44] SMV, Naïve Bayes, decision tree, logistic regression Dynamic Open-access malware database such as
VXHeaven website
17,000 94
Malware specifications [45] System call dependency graph Dynamic VXHeavens website 5200 92
System-call malware [46] SaMe-NP Dynamic Variety of commodity software types including editors, office suites, media players, 2667 95.9
Android based malware [47] J48, SVM, IBk, NaiveBayes Static Google play and android
Malware services
2000 98.91
Behavioral Malware [48] Regression, SVM, J48 Dynamic Web data commons library in VirusSign and VXHeaven 7000 98.3
Malicious code based on API [49] Decision tree, SVM and random forest Dynamic API hooking library in VirusSign 2000 96.89
Feature extraction method in cloud [18] Decision tree, SVM, Boosting Static Random dataset of VirusTotal 15,000 99.69
Security dependency network for malware detection [50] No read down and no write up Dynamic VXHeavens website 7257 93.92
Data flow android malware detection [51] KNN, LR, BN Static VXHeavens website and Google play 2200 97.66
So-called compression-based malware detection [21] k-NN, QDA, LDA, SVN, Decision Trees, and random forest Dynamic Cuckoo sandbox 7507 99.3
Deep-learning malware detection [52] Naive Bayes, PART, Logistic Regression, SVM and MLP Hybrid Google play, virus share 11,000 95.05