TY - JOUR
T1 - Hybrid Android Malware Detection
T2 - A Review of Heuristic-Based Approach
AU - Yunmar, Rajif Agung
AU - Kusumawardani, Sri Suning
AU - Widyawan,
AU - Mohsen, Fadi
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2024/3/18
Y1 - 2024/3/18
N2 - Over the last decade, numerous research efforts have been dedicated to countering malicious mobile applications. Given its market share, Android OS has been the primary target for most of these apps. Researchers have devised numerous solutions to protect Android devices and their users, categorizing them into static and dynamic approaches. Each of these approaches has its own advantages and disadvantages. The hybrid approach aims to combine the benefits of both. This study closely examines the hybrid solutions proposed between 2012 and 2023, highlighting their strengths and limitations. The objective of this study is to provide a comprehensive review of existing research on Android malware detection using a hybrid approach. Our review identifies several issues related to hybrid detection approaches, including datasets, feature utilization and selection, working environments, detection order mechanisms, integrity of the detection step, detection algorithms, and the use of automated input generation. Key findings of this study include: (i) the majority of studies have not adequately addressed on-device detection and have overlooked the importance of system usability, (ii) many studies rely on outdated datasets that do not accurately represent the current threat landscape, (iii) there is a need for a methodology to detect zero-day attacks, and (iv) most research has not paid attention to the impact of automated input generation on malware behavior and code coverage. We also discuss some open issues and future directions that will help substantiate the hybrid approach study.
AB - Over the last decade, numerous research efforts have been dedicated to countering malicious mobile applications. Given its market share, Android OS has been the primary target for most of these apps. Researchers have devised numerous solutions to protect Android devices and their users, categorizing them into static and dynamic approaches. Each of these approaches has its own advantages and disadvantages. The hybrid approach aims to combine the benefits of both. This study closely examines the hybrid solutions proposed between 2012 and 2023, highlighting their strengths and limitations. The objective of this study is to provide a comprehensive review of existing research on Android malware detection using a hybrid approach. Our review identifies several issues related to hybrid detection approaches, including datasets, feature utilization and selection, working environments, detection order mechanisms, integrity of the detection step, detection algorithms, and the use of automated input generation. Key findings of this study include: (i) the majority of studies have not adequately addressed on-device detection and have overlooked the importance of system usability, (ii) many studies rely on outdated datasets that do not accurately represent the current threat landscape, (iii) there is a need for a methodology to detect zero-day attacks, and (iv) most research has not paid attention to the impact of automated input generation on malware behavior and code coverage. We also discuss some open issues and future directions that will help substantiate the hybrid approach study.
KW - Android malware
KW - heuristic-based detection
KW - hybrid approach
UR - http://www.scopus.com/inward/record.url?scp=85188465510&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2024.3377658
DO - 10.1109/ACCESS.2024.3377658
M3 - Article
AN - SCOPUS:85188465510
SN - 2169-3536
VL - 12
SP - 41255
EP - 41286
JO - IEEE Access
JF - IEEE Access
ER -