Research Article

PICAndro: Packet InspeCtion-Based Android Malware Detection

Table 1

A comparison of Android malware detection approaches based on network features, deep learning, and image-based models.

| Category | Author | Year | Detection features | Technique | Dataset |
|---|---|---|---|---|---|
| Network | Li et al. [12] | 2014 | Network features | SVM | Self collected |
| Network | Arora et al. [13] | 2014 | Traffic statistics | Decision tree | Android MalGenome |
| Network | Malik and Kaushal [14] | 2016 | DNS queries | WoT matching | Android MalGenome |
| Network | Wang et al. [15] | 2017 | URL text semantics | SVM | Self collected |
| Network | Zulkifli et al. [16] | 2018 | Traffic statistics | Decision tree | Android MalGenome |
| Network | Abuthawabeh and Mahmoud [17] | 2019 | Conversation level | ExtraTree classifier | CICAndMal2017 |
| Network | Sanz et al. [18] | 2020 | TCP/IP header | Random forest | Self collected |
| Deep learning | Yuan et al. [19] | 2016 | Advertising, API, intent, network, permission | Deep belief networks | Contagio, MalGenome |
| Deep learning | Kim et al. [20] | 2018 | Opcode, API, library, permission, components | Multimodal deep learning | VirusShare, MalGenome |
| Deep learning | Alzaylaee et al. [21] | 2020 | Permission, events, and application attributes | MLP | McAfee labs |
| Deep learning | Sihag et al. [22] | 2021 | System calls, binder call | Neural network | MalDroid2020 |
| Deep learning | Zhang et al. [23] | 2021 | Text sequencing | CNN | Contagio, MalGenome |
| Deep learning | Bayazit et al. [24] | 2021 | IP address | NN | CICAndMal2017 |
| Image | Ding et al. [25] | 2020 | Byte code | CNN | Drebin |
| Image | Mercaldo and Santone [26] | 2020 | APK raw | Neural network | AMD dataset |
| Image | Ünver and Bakour [27] | 2020 | Binary bitstream | Machine learning | Drebin, MalGenome, AMD |
| Image | Darwaish et al. [28] | 2021 | Permissions, intents, components, API | CNN | AndroZoo |