Android Malware Detection Based on Static Analysis and Data Mining Techniques: A Systematic Literature Review

  • Conference paper
Broadband Communications, Networks, and Systems (BROADNETS 2023)

Abstract

Android applications are proliferating, which has led to a rise in Android malware. Many research studies have proposed detection frameworks for Android malware. The literature suggests that static malware detection techniques are practical and assuring for detecting Android malware. This paper presents a thorough survey of data mining-based static malware detection. We briefly discuss the growth of Android malware and current detection techniques, and offer a comprehensive analysis and summary of studies for each phase of data mining-based malware detection: data acquisition, preprocessing, feature extraction, learning algorithms, and evaluation. Finally, we highlight some challenges and open issues in data mining-based Android malware detection. This review will help readers understand the complete picture of static Android malware detection and serve as a basis for malware detection in general.


Author information

Corresponding author

Correspondence to Hemant Rathore.

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Rathore, H., Chari, S., Verma, N., Sahay, S.K., Sewak, M. (2023). Android Malware Detection Based on Static Analysis and Data Mining Techniques: A Systematic Literature Review. In: Wang, W., Wu, J. (eds) Broadband Communications, Networks, and Systems. BROADNETS 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 511. Springer, Cham. https://doi.org/10.1007/978-3-031-40467-2_4

  • DOI: https://doi.org/10.1007/978-3-031-40467-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-40466-5

  • Online ISBN: 978-3-031-40467-2

  • eBook Packages: Computer Science (R0)
