Table 6 A side-by-side comparison of the important factors in behavior-based detection of each article
From: A state-of-the-art survey of malware detection approaches using data mining techniques
Case study | Classification approach | Data analysis method | Used dataset | Total dataset | Accuracy % |
|---|---|---|---|---|---|
Deep learning malware detection [9] | DeepAM | Dynamic | Windows API calls in Comodo Cloud Security Center | 2000 | 98 |
Graph mining in malware detection [21] | Graph search | Dynamic | Windows sandbox malware | 6994 | 96 |
Android malware detection [6] | Random forest | Dynamic | Android applications | 170 | 86 |
Android malware detection [22] | Multilayer perceptron | Dynamic | Several websites | 734 | 97 |
Android malware detection [38] | Evolving neuro-fuzzy inference system | Dynamic | Google play and android Malware genome Project | 500 | 90 |
AMAL: automated malware analysis [39] | Decision trees | Dynamic | Random sample from internal user and external customers such as antivirus companies | 2086 | 98 |
Android malware characterization and detection [40] | Deep belief networks | Hybrid | Google play and android Malware genome project | 1860 | 96.76 |
Deep Packet Inspection for malware [41] | BoostedJ48, J48, Naïve Bayesian and SVM | Dynamic | Wireless and Secure Networks Research Lab | 4560 | 99 |
Objective Oriented malware [42] | Multiple association rules | Hybrid | Several websites | 8000 | 97.2 |
Hybrid analysis malware [43] | Bayesian network, Naive Bayes, Lazy K-Stare | Hybrid | Selected randomly from malware repository of APA, the security research laboratory at Shiraz University | 3000 | 95.27 |
Bilayer behavior abstraction [44] | SMV, Naïve Bayes, decision tree, logistic regression | Dynamic | Open-access malware database such as VXHeaven website | 17,000 | 94 |
Malware specifications [45] | System call dependency graph | Dynamic | VXHeavens website | 5200 | 92 |
System-call malware [46] | SaMe-NP | Dynamic | Variety of commodity software types including editors, office suites, media players, | 2667 | 95.9 |
Android based malware [47] | J48, SVM, IBk, NaiveBayes | Static | Google play and android Malware services | 2000 | 98.91 |
Behavioral Malware [48] | Regression, SVM, J48 | Dynamic | Web data commons library in VirusSign and VXHeaven | 7000 | 98.3 |
Malicious code based on API [49] | Decision tree, SVM and random forest | Dynamic | API hooking library in VirusSign | 2000 | 96.89 |
Feature extraction method in cloud [18] | Decision tree, SVM, Boosting | Static | Random dataset of VirusTotal | 15,000 | 99.69 |
Security dependency network for malware detection [50] | No read down and no write up | Dynamic | VXHeavens website | 7257 | 93.92 |
Data flow android malware detection [51] | KNN, LR, BN | Static | VXHeavens website and Google play | 2200 | 97.66 |
So-called compression-based malware detection [21] | k-NN, QDA, LDA, SVN, Decision Trees, and random forest | Dynamic | Cuckoo sandbox | 7507 | 99.3 |
Deep-learning malware detection [52] | Naive Bayes, PART, Logistic Regression, SVM and MLP | Hybrid | Google play, virus share | 11,000 | 95.05 |