Table 1. Comparison malware analysis techniques.
Previous works compared using static, dynamic, and hybrid techniques.
| Year | References | Analysis | Features |
|---|---|---|---|
| 2020 | Fang et al. (2020) | Static | Texture, color, text |
| 2019 | Qiu et al. (2019) | Static | permissions, API calls, network addresses |
| 2019 | Zhang, Thing & Cheng (2019) | Static | Assembly, Dex, Xml, Apk |
| 2019 | Xu, Ren & Song (2019) | Static | CFG, DFG |
| 2019 | Omid Mirzaeiq et al. (2019) | Static | API calls |
| 2019 | Vega & Quintián (0000) | Static | Repackaging and standalone |
| 2019 | Vega et al. (2019) | Static | Root node, decision nodes, and leaf nodes |
| 2019 | Fasano et al. (2019) | Static | |
| 2019 | Blanc et al. (2019) | Static | Code metric |
| 2019 | Xie et al. (2019) | Static | Platform-based permissions, hard- ware components, and suspicious API calls |
| 2019 | Turker & Can (2019) | Static | Permissions and API calls |
| 2018 | Atzeni et al. (2018) | Hybrid | Manifest file (i.e., number of activities, permissions, receivers, filters), and the source code analysis |
| 2018 | Kim et al. (2019) | Hybrid | API call |
| 2018 | Ming Fan et al. (2018) | Static | Weighted-sensitive-API-call-based graph |
| 2018 | Sun et al. (2018, 2019) | Dynamic | Enabling the recording of parameters and return value of an API call |
| 2018 | Martín, Rodríguez-Fernández & Camacho (2018) | Dynamic | transitions probabilities, states frequencies, and aggregated state frequencies grouped |
| 2018 | Aktas & Sen (2018) | Hybrid | number of activities, services and receivers given in the Manifest file and the size of the APK file |
| 2018 | Garcia, Hammad & Malek (2018) | Static | API usage, reflection-based features, and features from native binaries of apps |
| 2018 | Calleja et al. (2018) | Static | API calls, intent actions and information flow |
| 2018 | Alswaina & Elleithy (2018) | Static | App’s permissions |
| 2017 | Massarelli et al. (2017) | Dynamic | Fingerprint |
| 2017 | Zhou et al. (2017) | Static | API call graphs |
| 2017 | Chakraborty, Pierazzi & Subrahmanian (2020) | Hybrid | API calls, code, Android Manifest, encryption or reflection |
| 2017 | Sedano et al. (2017b) | Static | Minimum-Redundancy Maximum- Relevance (MRMR) |
| 2016 | Battista et al. (2016) | Static | Java Bytecode |
| 2016 | Hsiao, Sun & Chen (2016) | Dynamic | API call |
| 2016 | González, Herrero & Corchado (2017) | Static | API call and the names of functions and methods |
| 2016 | Ming Fan et al. (2018) | Static | Subgraph |
| 2016 | Kang et al. (2016) | Static | n-opcode feature |
| 2016 | Malik & Khatter (2016) | Dynamic | System call |
| 2016 | Sedano et al. (2017a) | Static | Manifest file, apk file |
| 2016 | Feng et al. (2017) | Hybrid | Malware signatures |
| 2015 | Lee, Lee & Lee (2015) | Static | Signature extraction signature matching |
| 2015 | Aresu et al. (2016) | Dynamic | Fine-grained HTTP structural |
| 2015 | Li et al. (2015) | Static | API data dependency |
| 2014 | Deshotels, Notani & Lakhotia (2014a) | Static | API call, apk |
| 2014 | Kang et al. (2013) | Static | Bytecode frequency |
| 2014 | Suarez-Tangil et al. (2014) | Static | Code structures |