{"id":"https://openalex.org/W4414096623","doi":"https://doi.org/10.3390/jcp5030072","title":"Structured Heatmap Learning for Multi-Family Malware Classification: A Deep and Explainable Approach Using CAPEv2","display_name":"Structured Heatmap Learning for Multi-Family Malware Classification: A Deep and Explainable Approach Using CAPEv2","publication_year":2025,"publication_date":"2025-09-10","ids":{"openalex":"https://openalex.org/W4414096623","doi":"https://doi.org/10.3390/jcp5030072"},"language":"en","primary_location":{"id":"doi:10.3390/jcp5030072","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030072","pdf_url":"https://www.mdpi.com/2624-800X/5/3/72/pdf?version=1757491955","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2624-800X/5/3/72/pdf?version=1757491955","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119581591","display_name":"Oussama El Rhayati","orcid":"https://orcid.org/0009-0007-5336-7913"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":true,"raw_author_name":"Oussama El Rhayati","raw_affiliation_strings":["Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco"],"raw_orcid":"https://orcid.org/0009-0007-5336-7913","affiliations":[{"raw_affiliation_string":"Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119581592","display_name":"Hatim Essadeq","orcid":null},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":true,"raw_author_name":"Hatim Essadeq","raw_affiliation_strings":["Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048317087","display_name":"Omar El Beqqali","orcid":"https://orcid.org/0000-0003-0269-3819"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Omar El Beqqali","raw_affiliation_strings":["Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021153442","display_name":"Hamid Tairi","orcid":"https://orcid.org/0000-0002-4895-3981"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Hamid Tairi","raw_affiliation_strings":["Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069765987","display_name":"Mohamed Lamrini","orcid":"https://orcid.org/0009-0008-8400-1508"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Mohamed Lamrini","raw_affiliation_strings":["Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086636211","display_name":"Jamal Riffi","orcid":null},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Jamal Riffi","raw_affiliation_strings":["Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Sciences Dhar El Mahraz (FSDM), Sidi Mohamed Ben Abdellah University, Fez 30000, Morocco","institution_ids":["https://openalex.org/I81605866"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5119581591","https://openalex.org/A5119581592"],"corresponding_institution_ids":["https://openalex.org/I81605866"],"apc_list":{"value":1000,"currency":"CHF","value_usd":1082},"apc_paid":{"value":1000,"currency":"CHF","value_usd":1082},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.26482815,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"5","issue":"3","first_page":"72","last_page":"72"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6534000039100647},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.6384999752044678},{"id":"https://openalex.org/keywords/interpretability","display_name":"Interpretability","score":0.6327999830245972},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.6022999882698059},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.527400016784668},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5138999819755554},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4763000011444092},{"id":"https://openalex.org/keywords/overfitting","display_name":"Overfitting","score":0.41100001335144043},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.39820000529289246}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8039000034332275},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6534000039100647},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.6384999752044678},{"id":"https://openalex.org/C2781067378","wikidata":"https://www.wikidata.org/wiki/Q17027399","display_name":"Interpretability","level":2,"score":0.6327999830245972},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.6022999882698059},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.532800018787384},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.527400016784668},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5138999819755554},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5112000107765198},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4763000011444092},{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.41100001335144043},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.39820000529289246},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.3978999853134155},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.3977999985218048},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.392300009727478},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.38499999046325684},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.38269999623298645},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.34209999442100525},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.32030001282691956},{"id":"https://openalex.org/C159379195","wikidata":"https://www.wikidata.org/wiki/Q7239568","display_name":"Precomputation","level":3,"score":0.30820000171661377},{"id":"https://openalex.org/C111030470","wikidata":"https://www.wikidata.org/wiki/Q1430460","display_name":"Curse of dimensionality","level":2,"score":0.304500013589859},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.302700012922287},{"id":"https://openalex.org/C2777601683","wikidata":"https://www.wikidata.org/wiki/Q6499736","display_name":"Vocabulary","level":2,"score":0.28839999437332153},{"id":"https://openalex.org/C194541083","wikidata":"https://www.wikidata.org/wiki/Q457174","display_name":"Workaround","level":2,"score":0.28290000557899475},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.28119999170303345},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.27630001306533813},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.27079999446868896},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.25999999046325684},{"id":"https://openalex.org/C152124472","wikidata":"https://www.wikidata.org/wiki/Q1204361","display_name":"Redundancy (engineering)","level":2,"score":0.2556000053882599},{"id":"https://openalex.org/C79540074","wikidata":"https://www.wikidata.org/wiki/Q3269465","display_name":"Keystroke dynamics","level":4,"score":0.2549999952316284}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/jcp5030072","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030072","pdf_url":"https://www.mdpi.com/2624-800X/5/3/72/pdf?version=1757491955","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:7f0d161c376543549b0f21b8ee32999a","is_oa":true,"landing_page_url":"https://doaj.org/article/7f0d161c376543549b0f21b8ee32999a","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Cybersecurity and Privacy, Vol 5, Iss 3, p 72 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/jcp5030072","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030072","pdf_url":"https://www.mdpi.com/2624-800X/5/3/72/pdf?version=1757491955","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414096623.pdf","grobid_xml":"https://content.openalex.org/works/W4414096623.grobid-xml"},"referenced_works_count":3,"referenced_works":["https://openalex.org/W101596157","https://openalex.org/W2010065958","https://openalex.org/W2962858109"],"related_works":["https://openalex.org/W2731899572","https://openalex.org/W2961085424","https://openalex.org/W3215138031","https://openalex.org/W4306674287","https://openalex.org/W3009238340","https://openalex.org/W4360585206","https://openalex.org/W4321369474","https://openalex.org/W4285208911","https://openalex.org/W4387369504","https://openalex.org/W3082895349"],"abstract_inverted_index":{"Accurate":[0],"malware":[1,90],"family":[2],"classification":[3],"from":[4],"dynamic":[5],"sandbox":[6,47],"reports":[7,49],"continues":[8],"to":[9,24,130],"be":[10],"a":[11,41,79],"fundamental":[12],"cybersecurity":[13],"challenge.":[14],"Most":[15],"prior":[16],"works":[17],"depend":[18],"on":[19,105,147],"random":[20],"splits":[21],"that":[22,44,156],"tend":[23],"overestimate":[25],"accuracy,":[26,99,119,167],"whereas":[27],"deployment":[28],"requires":[29],"robustness":[30,170],"under":[31,57],"temporal":[32],"drift":[33],"as":[34,36],"well":[35],"changing":[37],"behaviors.":[38],"We":[39,133],"present":[40],"leakage-aware":[42],"pipeline":[43,63],"transforms":[45],"CAPEv2":[46,86],"JSON":[48],"into":[50],"structured":[51],"visual":[52,124],"heatmaps":[53],"and":[54,59,71,78,122,140,143,150,169],"evaluate":[55],"models":[56],"stratified":[58],"chronological":[60],"splits.":[61],"The":[62],"rigorously":[64],"flattens":[65],"behavioral":[66],"keys,":[67],"builds":[68],"normalized":[69],"representations,":[70],"benchmarks":[72],"Random":[73,92],"Forest,":[74],"MLP,":[75],"CNN64,":[76],"HybridNet,":[77],"modern":[80],"ResNeXt-50":[81,112],"backbone.":[82],"On":[83],"the":[84,114],"Avast\u2013CTU":[85],"dataset":[87],"containing":[88],"ten":[89],"families,":[91],"Forest":[93],"achieves":[94,113],"nearly":[95],"state-of-the-art":[96],"accuracy":[97],"(97.2%":[98],"0.993":[100],"AUC)":[101,121],"with":[102],"high":[103],"efficiency":[104,136],"CPUs,":[106],"making":[107],"it":[108],"attractive":[109],"for":[110],"triage.":[111],"best":[115],"overall":[116],"performance":[117],"(98.4%":[118],"0.998":[120],"provides":[123],"interpretability":[125],"via":[126],"Grad-CAM,":[127],"enabling":[128],"analysts":[129],"verify":[131],"predictions.":[132],"further":[134],"quantify":[135],"trade-offs":[137],"(inference":[138],"throughput":[139],"GPU":[141],"memory)":[142],"report":[144],"ablation":[145],"studies":[146],"vocabulary":[148],"size":[149],"keyset":[151],"choices.":[152],"These":[153],"results":[154],"affirm":[155],"though":[157],"ensemble":[158],"methods":[159],"are":[160],"still":[161],"robust,":[162],"heatmap-based":[163],"CNNs":[164],"provide":[165],"better":[166],"interpretability,":[168],"against":[171],"drift.":[172]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}
