Hybrid Android Malware Detection: A Review of Heuristic-Based Approach

Over the last decade, numerous research efforts have been dedicated to countering malicious mobile applications. Given its market share, Android OS has been the primary target for most of these apps. Researchers have devised numerous solutions to protect Android devices and their users, categorizing them into static and dynamic approaches. Each of these approaches has its own advantages and disadvantages. The hybrid approach aims to combine the benefits of both. This study closely examines the hybrid solutions proposed between 2012 and 2023, highlighting their strengths and limitations. The objective of this study is to provide a comprehensive review of existing research on Android malware detection using a hybrid approach. Our review identifies several issues related to hybrid detection approaches, including datasets, feature utilization and selection, working environments, detection order mechanisms, integrity of the detection step, detection algorithms, and the use of automated input generation. Key findings of this study include: (i) the majority of studies have not adequately addressed on-device detection and have overlooked the importance of system usability, (ii) many studies rely on outdated datasets that do not accurately represent the current threat landscape, (iii) there is a need for a methodology to detect zero-day attacks, and (iv) most research has not paid attention to the impact of automated input generation on malware behavior and code coverage. We also discuss some open issues and future directions that will help substantiate the hybrid approach study.