Tool Categorization
Tool Paper Selection
We systematically collected a list of malware detection papers by searching top conferences and journals in software engineering and security (based on CORE ranking and Journal Citation Reports) between 2010 and 2021.
The software engineering conferences/journals:
- IEEE/ACM International Conference on Software Engineering (ICSE)
- ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)
- IEEE/ACM International Conference on Automated Software Engineering (ASE)
- ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)
- IEEE Transactions on Software Engineering (TSE)
- Springer Empirical Software Engineering (EMSE)
- Elsevier Journal of Systems and Software (JSS)
- ACM Transactions on Software Engineering and Methodology (TOSEM)
- IEEE Software
- Elsevier Information and Software Technology (IST)
The security conferences/journals include:
- ACM Conference on Computer and Communications Security (CCS)
- IEEE Symposium on Security and Privacy (S&P)
- USENIX Security Symposium
- Network and Distributed System Security Symposium (NDSS)
- ACM Annual Computer Security Applications Conference (ACSAC)
- Elsevier Journal of Computers & Security
- IEEE Security & Privacy Journal
- IEEE Transactions on Information Forensics and Security (TIFS)
- IEEE Transactions on Dependable and Secure Computing (TDSC)
- Springer International Journal of Information Security (IJIS)
We further augmented the resulting list with malware detection techniques from seven recent surveys:
- Qiu, Junyang, Jun Zhang, Wei Luo, Lei Pan, Surya Nepal, and Yang Xiang. “A survey of Android malware detection with deep neural models.” ACM Computing Surveys (CSUR) 53, no. 6 (2020): 1-36.
- Arshad, Saba, Munam Ali Shah, Abid Khan, and Mansoor Ahmed. “Android malware detection & protection: a survey.” International Journal of Advanced Computer Science and Applications 7, no. 2 (2016): 463-475.
- Rashidi, Bahman, and Carol J. Fung. “A Survey of Android Security Threats and Defenses.” J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 6, no. 3 (2015): 3-35.
- Tam, Kimberly, Ali Feizollah, Nor Badrul Anuar, Rosli Salleh, and Lorenzo Cavallaro. “The evolution of android malware and android analysis techniques.” ACM Computing Surveys (CSUR) 49, no. 4 (2017): 1-41.
- Faruki, Parvez, Ammar Bharmal, Vijay Laxmi, Vijay Ganmoor, Manoj Singh Gaur, Mauro Conti, and Muttukrishnan Rajarajan. “Android security: a survey of issues, malware penetration, and defenses.” IEEE communications surveys & tutorials 17, no. 2 (2014): 998-1022.
- Alqahtani, Ebtesam J., Rachid Zagrouba, and Abdullah Almuhaideb. “A Survey on Android Malware Detection Techniques Using Machine Learning Algorithms.” In 2019 Sixth International Conference on Software Defined Systems (SDS), pp. 110-117. IEEE, 2019.
- Souri, Alireza, and Rahil Hosseini. “A state-of-the-art survey of malware detection approaches using data mining techniques.” Human-centric Computing and Information Sciences 8, no. 1 (2018): 1-22.
Tool Paper Categorization
We categorized the identified papers into ten categories. We describe the categories below and provide the number of papers in each category.
- Not Malware Detection - Android research irrelevant to malware detection, such as tools for testing, detecting bugs, documentation, code recommendation, etc.
- Generic Malware - Tools that detect any type of malware by establishing similarity with a set of known malicious and benign applications (e.g., via machine learning, signature detection, etc.)
- Payload Specific - Tools that target a specific type of payload (e.g., info-leak, overlay phishing, privilege escalation)
- Condition Detection - Tools that focus on conditions that lead to the malicious payload
- Forced Execution - Tools that force app execution into the malicious path
- Hiding Detection - Tools that flag the difference between app behavior and its presented user interface
- Dynamic Loading - Tools that detect dynamic code loading
- Sandboxing - Tools that create analysis frameworks to aid researchers in analyzing malware samples
- Repackaged Malware - Tools that detect repackaged apps
- Inter App Attacks - Tools that detect apps colluding together to perform an attack
A detailed list of papers in each category can be found in this excel file.