Android Mobile Malware Detection Using Machine Learning: A Systematic Review
Round 1
Reviewer 1 Report
The paper provides a review on Android malware detection using ML. My two main concerns are as follows:
1) Originality and justification
There are current and very recent reviews on the topic published in the last months. See:
Pan, Y., Ge, X., Fang, C., & Fan, Y. (2020). A Systematic Literature Review of Android Malware Detection Using Static Analysis. IEEE Access, 8, 116363-116379.
Sharma, T., & Rattan, D. (2021). Malicious application detection in android—A systematic literature review. Computer Science Review, 40, 100373.
Li, L., Bissyandé, T. F., Papadakis, M., Rasthofer, S., Bartel, A., Octeau, D., ... & Traon, L. (2017). Static analysis of android apps: A systematic literature review. Information and Software Technology, 88, 67-95.
Authors are making a review of some aspects inside them. They need to justify the need.
Moreover, there is one more work:
Liu, Y., Tantithamthavorn, C., Li, L., & Liu, Y. (2021). Deep Learning for Android Malware Defenses: a Systematic Literature Review. arXiv preprint arXiv:2103.05292.
Liu, K., Xu, S., Xu, G., Zhang, M., Sun, D., & Liu, H. (2020). A Review of Android Malware Detection Approaches Based on Machine Learning. IEEE Access, 8, 124579-124607.
That I see as complementary too. Authors must justify the need of their work, which, as I see it, is not justified.
2) Method
Authors claim they used PRISMA, but more details are needed. For instance, threats of validity must be identified, inclusion and exclusion criteria, use of databases, snowballing and so on. I suggest any of the very recent SLRs published, for instance:
Wen, J., Li, S., Lin, Z., Hu, Y., & Huang, C. (2012). Systematic literature review of machine learning based software development effort estimation models. Information and Software Technology, 54(1), 41-59.
Lenarduzzi, V., Besker, T., Taibi, D., Martini, A., & Fontana, F. A. (2021). A systematic literature review on technical debt prioritization: Strategies, processes, factors, and tools. Journal of Systems and Software, 171, 110827.
All the best in your improvements.
Author Response
Thank you very much for taking the time to review our paper. Please see the attachment where we address all the comments.
Author Response File: Author Response.pdf
Reviewer 2 Report
The paper presents a review of mobile malware systems while focusing on Android malware. The structure of the article is difficult to follow. The results of the review are not properly generalized. The paper, therefore, needs a major restructuring, not only in form but in content: maybe with removing some not relevant parts, and increasing the details of those parts which are important and are fully relevant.
Comments:
- What is the knowledge gap bridged by this study? What is the contribution of this review article over other reviews on malware detection?
- What are the aims of this study? What are you trying to find out in the domain of your research? You can formulate your research aims as Research Questions, which will be answered by the results of the literature survey.
- The introduction into the domain of malware detection is rather weak. What are the main challenges in this domain? Improve the overview of state-of-the-art by using most recent sources, such as, for example: doi:10.1002/ett.3675, doi:10.1504/IJESDF.2020.106318, doi:10.1007/s12652-018-0803-6, doi:10.3390/app10144966
- The presented review does not faithfully follow the PRISMA guidelines for performing systematic reviews. Specifically, you should reproduce the search queries used to perform a search in bibliographic databases.
- Discussion on Android Architecture should be shortened as it is not directly related to the main topic of this paper.
- That is the motivation and background for the taxonomy presented in Figure 2.
- Table 10 is incomplete as deep learning models and convolutional neural network architectures are missing.
- Section 4 should also (similarly to other sections) have a summarising table discussing the analyzed works.
- The article also should present the results of the survey using figures (bar charts) showing the count of analyzed papers by different datasets and techniques used.
- The article also should discuss (in the discussion section) the bias and other factors that could have influenced the outcomes of this study as it is recommended by the PRISMA methodology.
- Improve the conclusions, present in-depth insights from your review. Formulate the main identified challenges in malware detection systems and summarize trends.
- Check the language. There are many typos and misspellings.
- Explain all abbreviations on their first use.
Author Response
Thank you very much for taking the time to review our paper. Please see the attachment where we address all the comments.
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
The new version of the paper is really improved. Authors took my comments and now the paper is sound and aligned with the approach taken by SLRs. Congrats for the good work done.
Reviewer 2 Report
The paper has been revised according to my suggestions and comments. I recommend it for acceptance.