GUARDING ANDROID: A COMPREHENSIVE REVIEW OF INTRUSION DETECTION TECHNIQUES FOR SMARTPHONES
Keywords: Intrusion Detection System, Malware detection, Static features, Dynamic features, Hybrid features
The popularity of the Android operating system has increased the number of both developers and intruders in this field. Many applications developed in this area perform malicious activities such as ransomware attacks, installing backdoors, phishing, sending premium short message service (SMS) messages, and stealing private data. These activities pose many threats to smartphone users. This study reviews the main strategies used in intrusion detection systems to detect malicious activities at the application and system levels. It illustrates the advantages and disadvantages of each method, identifies the significant features used to distinguish malicious activities, and highlights several open issues that warrant further investigation and improvement. It is a comprehensive review that may be useful for academic researchers interested in cybersecurity.
Copyright (c) 2023 Ibrahim M. Ibrahim, Amira B. Sallow
This work is licensed under a Creative Commons Attribution 4.0 International License.