
Abstract

The number of attacks aimed at compromising smartphones in general, and Android devices in particular, is acknowledged as one of the main security concerns for these devices. Accordingly, great effort has been devoted in recent years to dealing with such incidents. However, scant attention has been paid to studying the application of different visualization techniques to the analysis of malware. To bridge this gap, the present paper proposes the application of a novel technique called Hybrid Unsupervised Exploratory Plots (HUEPs) for the visualization of an Android malware dataset. Thanks to the advanced 3D visualization that is obtained, the proposed solution provides an overview of the structure of the malware families, supporting the analysis of their internal organization. Experimentation has been carried out with the popular Android Malware Genome (Malgenome) dataset, obtaining promising results.




Corresponding author

Correspondence to Nuño Basurto.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Basurto, N., Quintián, H., Urda, D., Calvo-Rolle, J.L., Herrero, Á., Corchado, E. (2022). Advanced 3D Visualization of Android Malware Families. In: Gude Prego, J.J., de la Puerta, J.G., García Bringas, P., Quintián, H., Corchado, E. (eds) 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational (CISIS 2021 and ICEUTE 2021). CISIS - ICEUTE 2021. Advances in Intelligent Systems and Computing, vol 1400. Springer, Cham. https://doi.org/10.1007/978-3-030-87872-6_17
