"Deep Learning for Android Malware Defenses: a SystematicLiterature Review" by Yue Liu, Li Li, Chakkrit Tantithamthavorn and Yepang Liu.

We have publiced our systematic review on Arxiv: https://arxiv.org/abs/2103.05292

• Paper lists
• Malware Data Collection
• Public tools
• Useful Research Works
• Recent Publications (Updating - 2021.04)

• Full lists of the reviewed paper
• The excluded studies by quality assessment
• Related papers (Updating)
• Malware Defenses Objectives
  • malware detection
  • malware family detection
  • repackaged/fake app detection,
  • adversarial learning attacks and protections
  • malicious behavior analysis
• Deep Learning Techniques
  • Multilayer Perceptrons
  • Convolutional Neural Networks
  • Recurrent Neural Networks
  • Deep Relief Networks
  • Autoencoders
  • Generative Adversarial Networks
  • Deep Hybrid Models
  • Other Deep Learning Models
  • Adversarial Attacks and Defenses
  • Explainable Malware Defenses
• Deployment
  • Off-device
  • Cloud-based
  • On-device

• Drebin: 123453 benign samples and 5560 malware(176 malware families) [pdf] [Link]
• Genome: 863 benign and 1260 malware [pdf] [Link]
• Contagio: 1150 malware [Link]
• AMD: 24553 malware [pdf] [Link]
• MalDroid: 17,341 Android samples; five distinct categories: Adware, Banking malware, SMS malware, Riskware, and Benign. [Link]
• RmvDroid: 9133 malware samples; [pdf][link]
• VirusShare [Link]
• VirusTotal [Project link] [Request for research Datasets]
• AndroidZoo [Link]
• Google Play [Link], [PlayDrone: Google crawler]
• Other thirt-party markets: HUAWEI, APKpure, MI store, Tencent, 360, Wandoujia, Aptoide,Anzhi, APKmirror, Amazon Appstore, 9APPS

• VirusTotal: Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community. [Project link] [Request for research API]

• Deep Android Malware Detection, in CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017, Malware detection, CNN, [Code]
• A Multimodal Deep Learning Method for Android Malware Detection Using Various Features, in Ieee Transactions on Information Forensics and Security, 2018, Malware detection, MLP, [Code]
• Detecting Android malware using Long Short-term Memory (LSTM), in Journal of Intelligent & Fuzzy Systems, 2018, Malware detection, LSTM, [Code]
• {TESSERACT}: Eliminating experimental bias in malware classification across space and time, in USENIX Security Symposium , 2019, Malware detection, MLP, [Code]
• DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps, in ACM SIGSAC Conference on Computer and Communications Security, 2019, Malicious Behavior Analysis, CNN,RNN,AE, [Code]
• Familial Clustering for Weakly-Labeled Android Malware Using Hybrid Representation Learning, in Ieee Transactions on Information Forensics and Security, 2019, Malware family detection, MLP, [Code]
• Android Malware Detection Based on System Calls Analysis and CNN Classification, in IEEE Wireless Communications and Networking Conference Workshop (WCNCW), 2019, Malware detection, CNN, [Code]
• An Android mutation malware detection based on deep learning using visualization of importance from codes, in Microelectronics Reliability, 2019, Malware detection, CNN, [Code]
• Why an Android App is Classified as Malware? Towards Malware Classification Interpretation, in ACM Transactions on Software Engineering and Methodology, 2020, Malware detection, MLP, [Code]
• A Multi-modal Neural Embeddings Approach for Detecting Mobile Counterfeit Apps: A Case Study on Google Play Store, in IEEE Transactions on Mobile Computing, 2020, Repackaged/Fake App Detection, CNN, [Code]
• Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection, in Ieee Transactions on Information Forensics and Security, 2020, Adversarial Learning Attacks and Protections, MLP, [Code]
• Combining multi-features with a neural joint model for Android malware detection, in Journal of Intelligent & Fuzzy Systems, 2020, Others, RNN, CNN, [Code]
• Hybrid Analysis of Android Apps for Security Vetting using Deep Learning, in IEEE Conference on Communications and Network Security (CNS), 2020, Malware detection, LSTM(Bi-LSTM and Attn-BiLSTM), [Code]
• Experimental comparison of features and classifiers for Android malware detection, in International Conference on Mobile Software Engineering and Systems, 2020, Malware detection, MLP,CNN,RNN, [Code]
• Understanding Privacy Awareness in Android App Descriptions Using Deep Learning, in ACM Conference on Data and Application Security and Privacy, 2020, Malicious Behavior Analysis, CNN, [Code]
• Lessons Learnt on Reproducibility in Machine Learning Based Android Malware Detection, in Empirical Software Engineering (EMSE).2021, Reproduction of Drebin, MaMadroid, Malscan, Droidcat, Revealdroid [code]

• Adversarial Deep Learning for Robust Detection of Binary Encoded Malware, in IEEE Security and Privacy Workshops (SPW), 2018, Adversarial deep learning, [code]
• DroidCC: Android malware detection using deep learning, contains android malware samples, papers, tools etc;
• MADLIRA: Malware detection using learning and information retrieval for Android
• android-malware-detection: Android Malware Detection Using Machine Learning Classifiers ( Using Permissions requested by Apps)
• MLDroid/drebin: Drebin - NDSS 2014 Re-implementation
• MaMadroid: Implementation of MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models in NDSS 2017

Research Papers

• Deep learning - LeCun, Yann, Yoshua Bengio, and Geoffrey Hinton. Nature, 2015, [pdf]
• Deep learning - Goodfellow, Ian, et al. MIT press, 2016, [pdf1][pdf2]
• Deep learning in neural networks: An overview - Schmidhuber, Jürgen. Neural networks, 2015, [pdf]

Online Tutorials and Repositories

• Awesome - Most Cited Deep Learning Papers - [Project link]
• Deep Learning Papers Reading Roadmap - [Project link]
• Top Deep Learning Projects -[Project link]
• Tracking Progress in Natural Language Processing -[Project link]
• Deep Learning Tutorial - by Haozan Liang, only Chinese version, continously maintaining and updating, [Project link]

Tools: Tensorflow, keras, scikit-learn, pytorch

Research Papers

• Android security: a survey of issues, malware penetration, and defenses - Faruki P, Bharmal A, Laxmi V, et al. IEEE communications surveys & tutorials, 2014, [pdf]
• A taxonomy and qualitative comparison of program analysis techniques for security assessment of android software - Sadeghi A, Bagheri H, Garcia J, et al. IEEE Transactions on Software Engineering, 2016, [pdf]
• The Evolution of Android Malware and Android Analysis Techniques - Tam K, Feizollah A, Anuar N B, et al. ACM Computing Surveys (CSUR), 2017, [pdf]
• Static analysis of android apps: A systematic literature review - Li L, Bissyandé T F, Papadakis M, et al. Information and Software Technology, 2017, [pdf] [Project link]
• A Survey on Malware Detection Using Data Mining Techniques - Ye Y, Li T, Adjeroh D, et al. ACM Computing Surveys (CSUR), 2017, [pdf]
• A survey on various threats and current state of security in android platform - Bhat P, Dutta K. ACM Computing Surveys (CSUR), 2019, [pdf]
• A survey of Android malware detection with deep neural models - Qiu J, Zhang J, Luo W, et al. ACM Computing Surveys (CSUR), 2020, [pdf]

Useful Tools

• Apktool: A tool for reverse engineering Android apk files [link]
• Androguard: Reverse engineering, Malware and goodware static analysis of Android applications ... and more [link]
• FlowDroid: FlowDroid statically computes data flows in Android apps and Java programs. [link]
• Monkey: An open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. [link]
• DroidBox: Dynamic analysis of Android apps [link]
• DroidBot: A lightweight test input generator for Android. Similar to Monkey, but with more intelligence and cool features. [link]

• MEGDroid: A model-driven event generation framework for dynamic android malware analysis; Information and Software Technology, 2021
• [GDroid: Android Malware Detection and Classification with Graph Convolutional Network](GDroid: Android Malware Detection and Classification with Graph Convolutional Network); Computers & Security, 2021
• Op2Vec: An Opcode Embedding Technique and Dataset Design for End-to-End Detection of Android Malware; arXiv preprint arXiv:2104.04798, 2021
• A Hybrid Deep Network Framework for Android Malware Detection; IEEE Transactions on Knowledge and Data Engineering, 2021
• Multi-view deep learning for zero-day Android malware detection; Journal of Information Security and Applications, 2021
• Towards an interpretable deep learning model for mobile malware detection and family identification; Computers & Security, 2021
• NATICUSdroid: A malware detection framework for Android using native and custom permissions; Journal of Information Security and Applications, 2021
• Mimosa: Reducing malware analysis overhead with coverings; arXiv preprint arXiv:2101.07328, 2021.
• IoTMalware: Android IoT Malware Detection based on Deep Neural Network and Blockchain Technology; arXiv preprint, 2021.
• Formal Equivalence Checking for Mobile Malware Detection and Family Classification; IEEE Transactions on Software Engineering (2021).
• A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps; Empirical Software Engineering, 2021, 26(3): 1-51.
• Understanding worldwide private information collection on android; arXiv preprint, 2021.
• Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques; ACM Transactions on Privacy and Security (TOPS), 2021
• Malware Detection employed by Visualization and Deep Neural Network; Computers & Security, 2021
• Malware Detection and Analysis: Challenges and Research Opportunities; arXiv preprint, 2021.
• Towards interpreting ML-based automated malware detection models: a survey; arXiv preprint, 2021.
• A Novel Few-Shot Malware Classification Approach for Unknown Family Recognition with Multi-Prototype Modeling; Computers & Security, 2021
• Obfuscation-Resilient Executable Payload Extraction From Packed Malware;{USENIX} Security, 2021
• Marked for Disruption: Tracing the Evolution of Malware Delivery Operations Targeted for Takedown; arXiv preprint, 2021.
• Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers; {USENIX} Security, 2021
• Lessons Learnt on Reproducibility in Machine Learning Based Android Malware Detection, in Empirical Software Engineering (EMSE).2021