Neural Visualization of Android Malware Families

  • Alejandro González
  • Álvaro HerreroEmail author
  • Emilio Corchado
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 527)


Due to the ever increasing amount and severity of attacks aimed at compromising smartphones in general, and Android devices in particular, much effort have been devoted in recent years to deal with such incidents. However, scant attention has been devoted to study the interplay between visualization techniques and Android malware detection. As an initial proposal, neural projection architectures are applied in present work to analyze malware apps data and characterize malware families. By the advanced and intuitive visualization, the proposed solution provides with an overview of the structure of the families dataset and ease the analysis of their internal organization. Dimensionality reduction based on unsupervised neural networks is performed on family information from the Android Malware Genome (Malgenome) dataset.


Android malware Malware families Artificial neural networks Exploratory projection pursuit 


  1. 1.
  2. 2.
  3. 3.
    Micro, T.: The Fine Line: 2016 Trend Micro Security Predictions (2015)Google Scholar
  4. 4.
  5. 5.
    Yajin, Z., Xuxian, J.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy, pp. 95–109 (2012)Google Scholar
  6. 6.
  7. 7.
    Corchado, E., Herrero, Á.: Neural visualization of network traffic data for intrusion detection. Appl. Soft Comput. 11, 2042–2056 (2011)CrossRefGoogle Scholar
  8. 8.
    Pinzón, C.I., De Paz, J.F., Herrero, Á., Corchado, E., Bajo, J., Corchado, J.M.: idMAS-SQL: intrusion detection based on MAS to detect and block SQL injection through data mining. Inf. Sci. 231, 15–31 (2013)CrossRefGoogle Scholar
  9. 9.
    Herrero, Á., Zurutuza, U., Corchado, E.: A neural-visualization IDS for honeynet data. Int. J. Neural Syst. 22, 1–18 (2012)CrossRefGoogle Scholar
  10. 10.
    Atienza, D., Herrero, Á., Corchado, E.: Neural analysis of HTTP traffic for web attack detection. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds.) International Joint Conference, vol. 369, pp. 201–212. Springer, New York (2015)CrossRefGoogle Scholar
  11. 11.
    Arshad, S., Khan, A., Shah, M.A., Ahmed, M.: Android malware detection & protection: a survey. Int. J. Adv. Comput. Sci. Appl. 7, 463–475 (2016)Google Scholar
  12. 12.
    Cen, L., Gates, C.S., Si, L., Li, N.: A probabilistic discriminative model for android malware detection with decompiled source code. IEEE Trans. Dependable Secure Comput. 12, 400–412 (2015)CrossRefGoogle Scholar
  13. 13.
    Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Nieves, J., Bringas, P.G., Marañón, G.A.: MAMA: manifest analysis for malware detection in android. Cybern. Syst. 44, 469–488 (2013)CrossRefGoogle Scholar
  14. 14.
    Teufl, P., Ferk, M., Fitzek, A., Hein, D., Kraxberger, S., Orthacker, C.: Malware detection by applying knowledge discovery processes to application metadata on the android market (Google Play). Secur. Commun. Netw. 9, 389–419 (2016)CrossRefGoogle Scholar
  15. 15.
    Jang, J.-W., Yun, J., Mohaisen, A., Woo, J., Kim, H.K.: Detecting and classifying method based on similarity matching of android malware behavior with profile. SpringerPlus 5, 1–23 (2016)CrossRefGoogle Scholar
  16. 16.
    Wagner, M., Fischer, F., Luh, R., Haberson, A., Rind, A., Keim, D.A., Aigner, W.: A survey of visualization systems for malware analysis. In: EG Conference on Visualization (EuroVis)-STARs, pp. 105–125 (2015)Google Scholar
  17. 17.
    Paturi, A., Cherukuri, M., Donahue, J., Mukkamala, S.: Mobile malware visual analytics and similarities of attack toolkits (malware gene analysis). In: 2013 International Conference on Collaboration Technologies and Systems (CTS), pp. 149–154 (2013)Google Scholar
  18. 18.
    Park, W., Lee, K.H., Cho, K.S., Ryu, W.: Analyzing and detecting method of android malware via disassembling and visualization. In: 2014 International Conference on Information and Communication Technology Convergence (ICTC), pp. 817–818 (2014)Google Scholar
  19. 19.
    Moonsamy, V., Rong, J., Liu, S.: Mining permission patterns for contrasting clean and malicious android applications. Future Gener. Comput. Syst. 36, 122–132 (2014)CrossRefGoogle Scholar
  20. 20.
    Somarriba, O., Zurutuza, U., Uribeetxeberria, R., Delosières, L., Nadjm-Tehrani, S.: Detection and visualization of android malware behavior. J. Electr. Comput. Eng. 2016, 17 (2016). doi: 10.1155/2016/8034967. Article ID: 8034967CrossRefGoogle Scholar
  21. 21.
    Pearson, K.: On lines and planes of closest fit to systems of points in space. Philos. Mag. 2, 559–572 (1901)CrossRefGoogle Scholar
  22. 22.
    Oja, E.: Principal components, minor components, and linear neural networks. Neural Netw. 5, 927–935 (1992)CrossRefGoogle Scholar
  23. 23.
    Fyfe, C.: A neural network for PCA and beyond. Neural Process. Lett. 6, 33–41 (1997)CrossRefGoogle Scholar
  24. 24.
    Corchado, E., MacDonald, D., Fyfe, C.: Maximum and minimum likelihood hebbian learning for exploratory projection pursuit. Data Mining Knowl. Discov. 8, 203–225 (2004)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Corchado, E., Fyfe, C.: Connectionist techniques for the identification and suppression of interfering underlying factors. Int. J. Pattern Recogn. Artif. Intell. 17, 1447–1466 (2003)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  • Alejandro González
    • 1
  • Álvaro Herrero
    • 1
    Email author
  • Emilio Corchado
    • 2
  1. 1.Department of Civil EngineeringUniversity of BurgosBurgosSpain
  2. 2.Departamento de Informática y AutomáticaUniversidad de SalamancaSalamancaSpain

Personalised recommendations