Research Article
PICAndro: Packet InspeCtion-Based Android Malware Detection
Table 1
A comparison of Android malware detection approaches based on network features, deep learning, and image-based models.
| Category | Author | Year | Detection features | Technique | Dataset |
| --- | --- | --- | --- | --- | --- |
| Network | Li et al. [12] | 2014 | Network features | SVM | Self collected |
| Network | Arora et al. [13] | 2014 | Traffic statistics | Decision tree | Android MalGenome |
| Network | Malik and Kaushal [14] | 2016 | DNS queries | WoT matching | Android MalGenome |
| Network | Wang et al. [15] | 2017 | URL text semantics | SVM | Self collected |
| Network | Zulkifli et al. [16] | 2018 | Traffic statistics | Decision tree | Android MalGenome |
| Network | Abuthawabeh and Mahmoud [17] | 2019 | Conversation level | ExtraTree classifier | CICAndMal2017 |
| Network | Sanz et al. [18] | 2020 | TCP/IP header | Random forest | Self collected |
| Deep learning | Yuan et al. [19] | 2016 | Advertising, API, intent, network, permission | Deep belief networks | Contagio, MalGenome |
| Deep learning | Kim et al. [20] | 2018 | Opcode, API, library, permission, components | Multimodal deep learning | VirusShare, MalGenome |
| Deep learning | Alzaylaee et al. [21] | 2020 | Permission, events, and application attributes | MLP | McAfee labs |
| Deep learning | Sihag et al. [22] | 2021 | System calls, binder call | Neural network | MalDroid2020 |
| Deep learning | Zhang et al. [23] | 2021 | Text sequencing | CNN | Contagio, MalGenome |
| Deep learning | Bayazit et al. [24] | 2021 | IP address | NN | CICAndMal2017 |
| Image | Ding et al. [25] | 2020 | Byte code | CNN | Drebin |
| Image | Mercaldo and Santone [26] | 2020 | APK raw | Neural network | AMD dataset |
| Image | Ünver and Bakour [27] | 2020 | Binary bitstream | Machine learning | Drebin, MalGenome, AMD |
| Image | Darwaish et al. [28] | 2021 | Permissions, intents, components, API | CNN | AndroZoo |