Vulnerability Detection Approaches on Application Behaviors in Mobile Environment

TL;DR

This paper reviews various behavioral analysis techniques for detecting Android malware, highlighting their limitations, challenges, and future research directions in dynamic malware detection.

Contribution

It provides a comprehensive overview of existing malware detection methods based on application behavior and discusses open problems and future research avenues.

Findings

Current approaches struggle with polymorphic malware detection

Many techniques fail to analyze all execution paths effectively

Open problems include environment variability and analysis completeness

Abstract

Several solutions ensuring the dynamic detection of malicious activities on Android ecosystem have been proposed. These are represented by generic rules and models that identify any purported malicious behavior. However, the approaches adopted are far from being effective in detecting malware (listed or not) and whose form and behavior are likely to be different depending on the execution environment or the design of the malware itself (polymorphic for example). An additional difficulty is added when these approaches are unable to capture, analyze, and classify all the execution paths incorporated in the analyzed application earlier. This suggests that the functionality of the analyzed application can constitute a potential risk but never explored or revealed. We have studied some malware detection techniques based on behavioral analysis of applications. The description, characteristics, and results obtained from each technique are presented in this article wherein we have also highlighted some open problems, challenges as well as the different possible future directions of research concerning behavioral analysis of malware.