Table 4. Advantages and disadvantages between dynamic, static and hybrid.
Dynamic, static, and hybrid analysis techniques have their own pros and cons. This table summarizes the advantages and disadvantages of these techniques.
| Dynamic | Static | Hybrid |
|---|---|---|
| Advantages | ||
| Able to detect unknown malware | Able to detect unknown malware with the aid of machine learning | Able to detect unknown malware with combination of static and dynamic analysis |
| Able to detect benign applications, which abruptly transform into malware during its execution | The application of reverse engineer takes a short amount of time | |
| The examination on the overall code, followed by the identification of a possible action | ||
| Low resources (e.g., CPU, memory, network, and storage). Therefore, this analysis is suitable for mobile device which equipped with low specifications. | ||
| Limitations | ||
| High resources (e.g., CPU, memory, network, and storage) | Inability to detect normal application, which promptly transforms the malware | Waste of time |
| Higher time consumption to run the application for further analysis and exploration | Obfuscation | Require more spaces for huge number of malware samples |
| Possibly omits the malware activities outside the analysis range | The investigation is continued to determine the minimal features (e.g., permission, a function call, and strings) to detect malware | |
| Difficulty in detecting applications, which can hide malicious behaviour when it is operated | ||
| The investigation is continued to determine the minimal features (e.g., traffic and memory) to detect malware | ||