"Deep Learning for Android Malware Defenses: a Systematic Literature Review" by Yue Liu, Li Li, Chakkrit Tantithamthavorn and Yepang Liu.
We have published our systematic review on arXiv: https://arxiv.org/abs/2103.05292
- Paper lists
- Malware Data Collection
- Public tools
- Useful Research Works
- Recent Publications (Updating - 2021.04)
- Full lists of the reviewed paper
- The excluded studies by quality assessment
- Related papers (Updating)
- Malware Defenses Objectives
- malware detection
- malware family detection
- repackaged/fake app detection
- adversarial learning attacks and protections
- malicious behavior analysis
- Deep Learning Techniques
- Multilayer Perceptrons
- Convolutional Neural Networks
- Recurrent Neural Networks
- Deep Belief Networks
- Autoencoders
- Generative Adversarial Networks
- Deep Hybrid Models
- Other Deep Learning Models
- Adversarial Attacks and Defenses
- Explainable Malware Defenses
- Deployment
- Off-device
- Cloud-based
- On-device
- Drebin: 123453 benign samples and 5560 malware (176 malware families) [pdf] [Link]
- Genome: 863 benign and 1260 malware [pdf] [Link]
- Contagio: 1150 malware [Link]
- AMD: 24553 malware [pdf] [Link]
- MalDroid: 17,341 Android samples; five distinct categories: Adware, Banking malware, SMS malware, Riskware, and Benign. [Link]
- RmvDroid: 9133 malware samples [pdf] [link]
- VirusShare [Link]
- VirusTotal [Project link] [Request for research Datasets]
- AndroZoo [Link]
- Google Play [Link], [PlayDrone: Google crawler]
- Other third-party markets: HUAWEI, APKpure, MI store, Tencent, 360, Wandoujia, Aptoide, Anzhi, APKmirror, Amazon Appstore, 9APPS
- VirusTotal: Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community. [Project link] [Request for research API]
- Deep Android Malware Detection, in CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017, Malware detection, CNN, [Code]
- A Multimodal Deep Learning Method for Android Malware Detection Using Various Features, in IEEE Transactions on Information Forensics and Security, 2018, Malware detection, MLP, [Code]
- Detecting Android malware using Long Short-term Memory (LSTM), in Journal of Intelligent & Fuzzy Systems, 2018, Malware detection, LSTM, [Code]
- TESSERACT: Eliminating experimental bias in malware classification across space and time, in USENIX Security Symposium, 2019, Malware detection, MLP, [Code]
- DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps, in ACM SIGSAC Conference on Computer and Communications Security, 2019, Malicious Behavior Analysis, CNN, RNN, AE, [Code]
- Familial Clustering for Weakly-Labeled Android Malware Using Hybrid Representation Learning, in IEEE Transactions on Information Forensics and Security, 2019, Malware family detection, MLP, [Code]
- Android Malware Detection Based on System Calls Analysis and CNN Classification, in IEEE Wireless Communications and Networking Conference Workshop (WCNCW), 2019, Malware detection, CNN, [Code]
- An Android mutation malware detection based on deep learning using visualization of importance from codes, in Microelectronics Reliability, 2019, Malware detection, CNN, [Code]
- Why an Android App is Classified as Malware? Towards Malware Classification Interpretation, in ACM Transactions on Software Engineering and Methodology, 2020, Malware detection, MLP, [Code]
- A Multi-modal Neural Embeddings Approach for Detecting Mobile Counterfeit Apps: A Case Study on Google Play Store, in IEEE Transactions on Mobile Computing, 2020, Repackaged/Fake App Detection, CNN, [Code]
- Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection, in IEEE Transactions on Information Forensics and Security, 2020, Adversarial Learning Attacks and Protections, MLP, [Code]
- Combining multi-features with a neural joint model for Android malware detection, in Journal of Intelligent & Fuzzy Systems, 2020, Others, RNN, CNN, [Code]
- Hybrid Analysis of Android Apps for Security Vetting using Deep Learning, in IEEE Conference on Communications and Network Security (CNS), 2020, Malware detection, LSTM (Bi-LSTM and Attn-BiLSTM), [Code]
- Experimental comparison of features and classifiers for Android malware detection, in International Conference on Mobile Software Engineering and Systems, 2020, Malware detection, MLP, CNN, RNN, [Code]
- Understanding Privacy Awareness in Android App Descriptions Using Deep Learning, in ACM Conference on Data and Application Security and Privacy, 2020, Malicious Behavior Analysis, CNN, [Code]
- Lessons Learnt on Reproducibility in Machine Learning Based Android Malware Detection, in Empirical Software Engineering (EMSE), 2021, Reproduction of Drebin, MaMadroid, Malscan, Droidcat, Revealdroid [code]
- Adversarial Deep Learning for Robust Detection of Binary Encoded Malware, in IEEE Security and Privacy Workshops (SPW), 2018, Adversarial deep learning, [code]
- DroidCC: Android malware detection using deep learning; contains Android malware samples, papers, tools, etc.
- MADLIRA: Malware detection using learning and information retrieval for Android
- android-malware-detection: Android Malware Detection Using Machine Learning Classifiers (Using Permissions requested by Apps)
- MLDroid/drebin: Drebin - NDSS 2014 Re-implementation
- MaMadroid: Implementation of MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models in NDSS 2017
Research Papers
- Deep learning - LeCun, Yann, Yoshua Bengio, and Geoffrey Hinton. Nature, 2015, [pdf]
- Deep learning - Goodfellow, Ian, et al. MIT press, 2016, [pdf1][pdf2]
- Deep learning in neural networks: An overview - Schmidhuber, Jürgen. Neural networks, 2015, [pdf]
Online Tutorials and Repositories
- Awesome - Most Cited Deep Learning Papers - [Project link]
- Deep Learning Papers Reading Roadmap - [Project link]
- Top Deep Learning Projects - [Project link]
- Tracking Progress in Natural Language Processing - [Project link]
- Deep Learning Tutorial - by Haozan Liang, Chinese version only, continuously maintained and updated, [Project link]
Tools: TensorFlow, Keras, scikit-learn, PyTorch
Research Papers
- Android security: a survey of issues, malware penetration, and defenses - Faruki P, Bharmal A, Laxmi V, et al. IEEE communications surveys & tutorials, 2014, [pdf]
- A taxonomy and qualitative comparison of program analysis techniques for security assessment of android software - Sadeghi A, Bagheri H, Garcia J, et al. IEEE Transactions on Software Engineering, 2016, [pdf]
- The Evolution of Android Malware and Android Analysis Techniques - Tam K, Feizollah A, Anuar N B, et al. ACM Computing Surveys (CSUR), 2017, [pdf]
- Static analysis of android apps: A systematic literature review - Li L, Bissyandé T F, Papadakis M, et al. Information and Software Technology, 2017, [pdf] [Project link]
- A Survey on Malware Detection Using Data Mining Techniques - Ye Y, Li T, Adjeroh D, et al. ACM Computing Surveys (CSUR), 2017, [pdf]
- A survey on various threats and current state of security in android platform - Bhat P, Dutta K. ACM Computing Surveys (CSUR), 2019, [pdf]
- A survey of Android malware detection with deep neural models - Qiu J, Zhang J, Luo W, et al. ACM Computing Surveys (CSUR), 2020, [pdf]
Useful Tools
- Apktool: A tool for reverse engineering Android apk files [link]
- Androguard: Reverse engineering, Malware and goodware static analysis of Android applications ... and more [link]
- FlowDroid: FlowDroid statically computes data flows in Android apps and Java programs. [link]
- Monkey: An open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. [link]
- DroidBox: Dynamic analysis of Android apps [link]
- DroidBot: A lightweight test input generator for Android. Similar to Monkey, but with more intelligence and cool features. [link]
- MEGDroid: A model-driven event generation framework for dynamic android malware analysis; Information and Software Technology, 2021
- GDroid: Android Malware Detection and Classification with Graph Convolutional Network; Computers & Security, 2021
- Op2Vec: An Opcode Embedding Technique and Dataset Design for End-to-End Detection of Android Malware; arXiv preprint arXiv:2104.04798, 2021
- A Hybrid Deep Network Framework for Android Malware Detection; IEEE Transactions on Knowledge and Data Engineering, 2021
- Multi-view deep learning for zero-day Android malware detection; Journal of Information Security and Applications, 2021
- Towards an interpretable deep learning model for mobile malware detection and family identification; Computers & Security, 2021
- NATICUSdroid: A malware detection framework for Android using native and custom permissions; Journal of Information Security and Applications, 2021
- Mimosa: Reducing malware analysis overhead with coverings; arXiv preprint arXiv:2101.07328, 2021.
- IoTMalware: Android IoT Malware Detection based on Deep Neural Network and Blockchain Technology; arXiv preprint, 2021.
- Formal Equivalence Checking for Mobile Malware Detection and Family Classification; IEEE Transactions on Software Engineering (2021).
- A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps; Empirical Software Engineering, 2021, 26(3): 1-51.
- Understanding worldwide private information collection on android; arXiv preprint, 2021.
- Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques; ACM Transactions on Privacy and Security (TOPS), 2021
- Malware Detection employed by Visualization and Deep Neural Network; Computers & Security, 2021
- Malware Detection and Analysis: Challenges and Research Opportunities; arXiv preprint, 2021.
- Towards interpreting ML-based automated malware detection models: a survey; arXiv preprint, 2021.
- A Novel Few-Shot Malware Classification Approach for Unknown Family Recognition with Multi-Prototype Modeling; Computers & Security, 2021
- Obfuscation-Resilient Executable Payload Extraction From Packed Malware; USENIX Security, 2021
- Marked for Disruption: Tracing the Evolution of Malware Delivery Operations Targeted for Takedown; arXiv preprint, 2021.
- Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers; USENIX Security, 2021
- Lessons Learnt on Reproducibility in Machine Learning Based Android Malware Detection, in Empirical Software Engineering (EMSE), 2021