This paper provides the basics of Android malware, its evolution, and tools and techniques for malware analysis. Its main aim is to present a review of the literature on Android malware detection using machine learning and deep learning and to identify the research gaps. It provides the insights obtained through literature and future research directions which could help researchers to come up with robust and accurate techniques for classification of

This paper provides a review of the basics of Android malware, its evolution timeline and detection techniques. It includes the tools and techniques for analyzing Android malware statically and dynamically to extract features, and for finally classifying these using machine learning and deep learning algorithms.

The number of Android users is expanding very fast due to the popularity of Android devices. As a result, there are more risks to Android users due to the exponential growth of Android malware. Ongoing research aims to overcome the constraints of earlier approaches to malware detection. As evolving malware is complex and sophisticated, earlier approaches such as signature-based and machine-learning-based detection are not able to identify it in a timely and accurate manner. The findings from the review show various limitations of earlier techniques, i.e. longer detection time, high false positive and false negative rates, low accuracy in detecting sophisticated malware, and less flexibility.

This paper provides a systematic and comprehensive review of the tools and techniques being employed for analysis, classification and identification of malicious Android applications. It includes the timeline of Android malware evolution, tools and techniques for analyzing malware statically and dynamically for the purpose of extracting features, and finally the use of these features for detection and classification with machine learning and deep learning algorithms. On the basis of the detailed literature review, various research gaps are listed. The paper also provides future research directions and insights which could help researchers to come up with innovative and robust techniques for detecting and classifying Android malware.

Malware creators generate new malicious software samples by making minor changes to previously generated code, both to reuse malicious code and to go unnoticed by signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis was proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset, which consists of visual representations of well-known malware families. From this set, some important image features are extracted, and the ANN is trained on these features. This ANN is then used to detect and classify other samples of the dataset. Malware families that are confused with one another are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, so it can be applied to antivirus software, smart firewalls, web applications, etc.
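
The claim above, that a lightly modified variant defeats an exact signature yet still looks like its family when visualized, can be illustrated with the following added example, which is not code from the paper. The byte-per-pixel mapping, the image width, the per-band mean and entropy features, the cosine comparison (used here in place of the paper's ANN) and the synthetic files are all assumptions of this sketch.

```python
import hashlib, math, random
from collections import Counter

def to_image(data: bytes, width: int = 64) -> list:
    """One byte -> one 8-bit grayscale pixel, row by row (last row zero-padded)."""
    padded = data + bytes(-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def image_features(img: list, bands: int = 8) -> list:
    """Assumed feature set: mean intensity and byte entropy of each horizontal band."""
    step = max(1, math.ceil(len(img) / bands))
    feats = []
    for b in range(bands):
        px = [p for row in img[b * step:(b + 1) * step] for p in row]
        n = len(px) or 1  # an empty band contributes two zero features
        entropy = -sum(c / n * math.log2(c / n) for c in Counter(px).values())
        feats += [sum(px) / n / 255.0, entropy / 8.0]
    return feats

def cosine(a: list, b: list) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def synthetic_file(seed: int, layout: list) -> bytes:
    """Constructed stand-in for a binary: text-like, random and zero-filled regions."""
    rng, out = random.Random(seed), bytearray()
    for kind, size in layout:
        if kind == "zero":
            out += bytes(size)
        elif kind == "text":
            out += bytes(rng.choice(b"ABCDEFGH ") for _ in range(size))
        else:
            out += bytes(rng.randrange(256) for _ in range(size))
    return bytes(out)

def demo() -> dict:
    base = synthetic_file(1, [("text", 2048), ("rand", 4096), ("zero", 2048)])
    variant = bytearray(base)
    for pos in range(100, len(variant), 512):  # minor change: 16 bytes flipped
        variant[pos] ^= 0xFF
    other = synthetic_file(2, [("rand", 3072), ("zero", 1024), ("text", 4096)])
    vec = [image_features(to_image(bytes(d))) for d in (base, variant, other)]
    return {"same_hash": hashlib.sha256(base).digest() == hashlib.sha256(variant).digest(),
            "variant_similarity": cosine(vec[0], vec[1]),
            "other_similarity": cosine(vec[0], vec[2])}

if __name__ == "__main__":
    print(demo())
```

The variant's SHA-256 no longer matches the original, while its feature vector stays almost identical; the differently laid-out file scores clearly lower.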