{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T00:10:22Z","timestamp":1721261422531},"reference-count":41,"publisher":"Oxford University Press (OUP)","issue":"2","license":[{"start":{"date-parts":[[2024,3,20]],"date-time":"2024-03-20T00:00:00Z","timestamp":1710892800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,3,25]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>As it is well known, mobile phones have become a basic gadget for any individual that usually stores sensitive information. This mainly motivates the increase in the number of attacks aimed at jeopardizing smartphones, being an extreme concern above all on Android OS, which is the most popular platform in the market. Consequently, a strong effort has been devoted for mitigating mentioned incidents in recent years, even though few researchers have addressed the application of visualization techniques for the analysis of malware. Within this field, the present work proposes the extension of a new technique called Hybrid Unsupervised Exploratory Plots to visualize Android malware datasets. More precisely, the novel Beta-Hebbian Learning (BHL) method is applied for the first time and validated under the frame of Hybrid Unsupervised Exploratory Plots, in conjunction with clustering methods. The informative visualization achieved provides a picture of the structure of the malware families, allowing subsequent analysis of their organization. To validate the Hybrid Unsupervised Exploratory Plot extension and its tuning, the popular Android Malware Genome dataset has been used in the experimental setting. Promising results have been obtained, suggesting that BHL applied in combination with clustering techniques in Hybrid Unsupervised Exploratory Plots are a viable resource for the visualization of malware families.<\/jats:p>","DOI":"10.1093\/jigpal\/jzae014","type":"journal-article","created":{"date-parts":[[2024,3,20]],"date-time":"2024-03-20T23:36:41Z","timestamp":1710977801000},"page":"306-320","source":"Crossref","is-referenced-by-count":0,"title":["Beta-Hebbian Learning to enhance unsupervised exploratory visualizations of Android malware families"],"prefix":"10.1093","volume":"32","author":[{"given":"Nu\u00f1o","family":"Basurto","sequence":"first","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain, nbasurto@ubu.es"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Diego","family":"Garc\u00eda-Prieto","sequence":"additional","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain, dgprieto@ubu.es"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"H\u00e9ctor","family":"Quinti\u00e1n","sequence":"additional","affiliation":[{"name":"University of A Coru\u00f1a , CTC, CITIC, Department of Industrial Engineering, Ferrol, A Coru\u00f1a, Spain, hector.quintian@udc.es"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Urda","sequence":"additional","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain, durda@ubu.es"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jos\u00e9 Luis","family":"Calvo-Rolle","sequence":"additional","affiliation":[{"name":"University of A Coru\u00f1a , CTC, CITIC, Department of Industrial Engineering, Ferrol, A Coru\u00f1a, Spain, jlcalvo@udc.es"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emilio","family":"Corchado","sequence":"additional","affiliation":[{"name":"University of Salamanca , Department of Computing and Automatic, Salamanca, Spain, escorchado@usal.es"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2024,3,20]]},"reference":[{"key":"2024071718031435600_ref1","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1007\/978-3-030-16837-7_12","article-title":"A detailed investigation and analysis of deep learning architectures and visualization techniques for malware family identification","volume-title":"Cybersecurity and Secure Information Systems","author":"Akarsh","year":"2019"},{"key":"2024071718031435600_ref2","doi-asserted-by":"crossref","first-page":"570","DOI":"10.25082\/AMLER.2023.01.005","article-title":"Analyzing and comparing the effectiveness of various machine learning algorithms for android malware detection","volume":"3","author":"Akhtar","year":"2023","journal-title":"Advances in Mobile Learning Educational Research"},{"key":"2024071718031435600_ref3","volume-title":"Stats","author":"AppBrain","year":"2010"},{"key":"2024071718031435600_ref4","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1007\/s10044-021-01053-0","article-title":"A visual tool for monitoring and detecting anomalies in robot performance","volume":"25","author":"Basurto","year":"2022","journal-title":"Pattern Analysis and Applications"},{"key":"2024071718031435600_ref5","article-title":"A clustering extension of hueps for the analysis of performance anomalies in robots","author":"Basurto","year":"2023","journal-title":"Cybernetics & Systems, accepted and in press"},{"key":"2024071718031435600_ref6","first-page":"167","article-title":"Advanced 3d visualization of android malware families","volume-title":"the 14th International Conference on Computational Intelligence in Security for Information Systems and the 12th International Conference on European Transnational Educational (CISIS 2021 and ICEUTE 2021) 14","author":"Basurto","year":"2022"},{"key":"2024071718031435600_ref7","doi-asserted-by":"crossref","first-page":"1447","DOI":"10.1142\/S0218001403002915","article-title":"Connectionist techniques for the identification and suppression of interfering underlying factors","volume":"17","author":"Corchado","year":"2003","journal-title":"International Journal of Pattern Recognition and Artificial Intelligence"},{"key":"2024071718031435600_ref8","doi-asserted-by":"crossref","first-page":"2042","DOI":"10.1016\/j.asoc.2010.07.002","article-title":"Neural visualization of network traffic data for intrusion detection","volume":"11","author":"Corchado","year":"2011","journal-title":"Applied Soft Computing"},{"key":"2024071718031435600_ref9","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1023\/B:DAMI.0000023673.23078.a3","article-title":"Maximum and minimum likelihood Hebbian learning for exploratory projection pursuit","volume":"8","author":"Corchado","year":"2004","journal-title":"Data Mining and Knowledge Discovery"},{"key":"2024071718031435600_ref10","article-title":"Disarming visualization-based approaches in malware detection systems","volume":"126","author":"Fasc\u00ed","year":"2023","journal-title":"Computers & Security"},{"key":"2024071718031435600_ref11","first-page":"574","article-title":"Neural visualization of android malware families","volume-title":"International Joint Conference SOCO\u201916-CISIS\u201916-ICEUTE\u201916","author":"Gonz\u00e1lez","year":"2016"},{"key":"2024071718031435600_ref12","first-page":"1424","article-title":"Movicab-ids: Visual analysis of network traffic data streams for intrusion detection","volume-title":"International Conference on Intelligent Data Engineering and Automated Learning","author":"Herrero","year":"2006"},{"key":"2024071718031435600_ref13","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2019\/6271017","article-title":"Hybrid unsupervised exploratory plots: a case study of analysing foreign direct investment","volume":"2019","author":"Herrero","year":"2019","journal-title":"Complexity"},{"key":"2024071718031435600_ref14","doi-asserted-by":"crossref","first-page":"417","DOI":"10.1037\/h0071325","article-title":"Analysis of a complex of statistical variables into principal components","volume":"24","author":"Hotelling","year":"1933","journal-title":"Journal of Educational Psychology"},{"key":"2024071718031435600_ref15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40064-016-1861-x","article-title":"Detecting and classifying method based on similarity matching of android malware behavior with profile","volume":"5","author":"Jang","year":"2016","journal-title":"Springerplus"},{"key":"2024071718031435600_ref16","first-page":"281","article-title":"Classification and analysis of multivariate observations","volume-title":"5th Berkeley Symp. Math. Statist. Probability","author":"MacQueen","year":"1967"},{"key":"2024071718031435600_ref17","volume-title":"Trend Micro Security Predictions: Future Tense","author":"Micro","year":"2023"},{"key":"2024071718031435600_ref18","doi-asserted-by":"crossref","first-page":"122","DOI":"10.1016\/j.future.2013.09.014","article-title":"Mining permission patterns for contrasting clean and malicious android applications","volume":"36","author":"Moonsamy","year":"2014","journal-title":"Future Generation Computer Systems"},{"key":"2024071718031435600_ref19","doi-asserted-by":"crossref","first-page":"15471","DOI":"10.1109\/ACCESS.2023.3244656","article-title":"A novel machine learning approach for android malware detection based on the co-existence of features","volume":"11","author":"Odat","year":"2023","journal-title":"IEEE Access"},{"key":"2024071718031435600_ref20","doi-asserted-by":"crossref","first-page":"817","DOI":"10.1109\/ICTC.2014.6983300","article-title":"Analyzing and detecting method of android malware via disassembling and visualization","volume-title":"the 2014 International Conference on Information and Communication Technology Convergence (ICTC)","author":"Park","year":"2014"},{"key":"2024071718031435600_ref21","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1109\/CTS.2013.6567221","article-title":"Mobile malware visual analytics and similarities of attack toolkits (malware gene analysis)","volume-title":"the 2013 International Conference on Collaboration Technologies and Systems (CTS)","author":"Paturi","year":"2013"},{"key":"2024071718031435600_ref22","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.ins.2011.06.020","article-title":"Idmas-sql: Intrusion detection based on mas to detect and block SQL injection through data mining","volume":"231","author":"Pinzon","year":"2013","journal-title":"Information Sciences"},{"key":"2024071718031435600_ref23","doi-asserted-by":"crossref","first-page":"1750024","DOI":"10.1142\/S0129065717500241","article-title":"Beta-Hebbian learning as a new method for exploratory projection pursuit","volume":"27","author":"Quinti\u00e1n","year":"2017","journal-title":"International Journal of Neural Systems"},{"key":"2024071718031435600_ref24","doi-asserted-by":"crossref","first-page":"1056","DOI":"10.1093\/jigpal\/jzac013","article-title":"Advanced visualization of intrusions in flows by means of Beta-Hebbian learning","volume":"30","author":"Quinti\u00e1n","year":"2022","journal-title":"Logic Journal of the IGPL"},{"key":"2024071718031435600_ref25","doi-asserted-by":"crossref","first-page":"4355","DOI":"10.3390\/app10124355","article-title":"A decision-making tool based on exploratory visualization for the automotive industry","volume":"10","author":"Redondo","year":"2020","journal-title":"Applied Sciences"},{"key":"2024071718031435600_ref26","doi-asserted-by":"crossref","first-page":"263","DOI":"10.1007\/978-981-99-0272-9_18","article-title":"Android malware detection: a literature review","volume-title":"Ubiquitous Security: Second International Conference, UbiSec 2022, Zhangjiajie, China, December 28\u201331, 2022, Revised Selected Papers","author":"Sabbah","year":"2023"},{"key":"2024071718031435600_ref27","doi-asserted-by":"crossref","first-page":"505","DOI":"10.1080\/01969722.2013.803903","article-title":"Visualization and clustering for SNMP intrusion detection","volume":"44","author":"S\u00e1nchez","year":"2013","journal-title":"Cybernetics and Systems"},{"key":"2024071718031435600_ref28","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2016\/8034967","article-title":"Detection and visualization of android malware behavior","volume":"2016","author":"Somarriba","year":"2016","journal-title":"Journal of Electrical and Computer Engineering"},{"key":"2024071718031435600_ref29","volume-title":"Statcounter","author":"Statcounter","year":"2023"},{"key":"2024071718031435600_ref30","volume-title":"Number of Smartphones Sold to End Users Worldwide from 2007 to 2021","author":"Statista","year":"2022"},{"key":"2024071718031435600_ref31","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1002\/sec.675","article-title":"Malware detection by applying knowledge discovery processes to application metadata on the android market (Google Play)","volume":"9","author":"Teufl","year":"2016","journal-title":"Security and Communication Networks"},{"key":"2024071718031435600_ref32","volume-title":"Android Security: Click Fraud Apps Drove 100% Malware Increase in Google Play for 2018","author":"Trendmicro","year":"2019"},{"key":"2024071718031435600_ref33","first-page":"105","article-title":"A survey of visualization systems for malware analysis","volume-title":"Eurographics Conference on Visualization (EuroVis)","author":"Wagner","year":"2015"},{"key":"2024071718031435600_ref34","doi-asserted-by":"crossref","first-page":"390","DOI":"10.1093\/jigpal\/jzac026","article-title":"A novel method for anomaly detection using Beta-Hebbian learning and principal component analysis","volume":"31","author":"Zayas-Gato","year":"2022","journal-title":"Logic Journal of the IGPL"},{"key":"2024071718031435600_ref35","first-page":"449","article-title":"Visual analysis of android malware behavior profile based on $pmc{g}_{droid}$: a pruned lightweight app call graph","volume-title":"International Conference on Security and Privacy in Communication Systems","author":"Zhang","year":"2017"},{"key":"2024071718031435600_ref36","doi-asserted-by":"crossref","first-page":"1838","DOI":"10.1109\/COMST.2021.3086475","article-title":"A review of computer vision methods in network security","volume":"23","author":"Zhao","year":"2021","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"2024071718031435600_ref37","volume-title":"Android Malware Genome Project","author":"Zhou","year":"2012"},{"key":"2024071718031435600_ref38","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1109\/SP.2012.16","article-title":"Dissecting android malware: characterization and evolution","volume-title":"In 2012 IEEE Symposium on Security and Privacy","author":"Zhou","year":"2012"},{"key":"2024071718031435600_ref39","first-page":"95","article-title":"Search rank fraud and malware detection in Google Play","volume-title":"In 2012 IEEE Symposium on Security and Privacy","author":"Zhou","year":"2022"},{"key":"2024071718031435600_ref40","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.119593","article-title":"An effective end-to-end android malware detection method","volume":"218","author":"Zhu","year":"2023","journal-title":"Expert Systems with Applications"},{"key":"2024071718031435600_ref41","first-page":"561","article-title":"Visualization of misuse-based intrusion detection: application to honeynet data","volume-title":"Soft Computing Models in Industrial and Environmental Applications, the 6th International Conference SOCO 2011","author":"Zurutuza","year":"2011"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/32\/2\/306\/58499085\/jzae014.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/32\/2\/306\/58499085\/jzae014.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,17]],"date-time":"2024-07-17T18:03:48Z","timestamp":1721239428000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/32\/2\/306\/7630829"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,20]]},"references-count":41,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024,3,20]]},"published-print":{"date-parts":[[2024,3,25]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzae014","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"value":"1367-0751","type":"print"},{"value":"1368-9894","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,4]]},"published":{"date-parts":[[2024,3,20]]}}}