"How Does It Detect A Malicious App?" Explaining the Predictions of AI-based Android Malware Detector

• URL: http://arxiv.org/abs/2111.05108v1
• Date: Sat, 6 Nov 2021 11:25:24 GMT
• Title: "How Does It Detect A Malicious App?" Explaining the Predictions of AI-based Android Malware Detector
• Authors: Zhi Lu and Vrizlynn L.L. Thing
• Abstract summary: We present a novel model-agnostic explanation method for AI models applied for Android malware detection. Our proposed method identifies and quantifies the data features relevance to the predictions by two steps. We firstly demonstrate that our proposed model explanation method can aid in discovering how AI models are evaded by adversarial samples quantitatively.
• Score: 6.027885037254337
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: AI methods have been proven to yield impressive performance on Android malware detection. However, most AI-based methods make predictions of suspicious samples in a black-box manner without transparency on models' inference. The expectation on models' explainability and transparency by cyber security and AI practitioners to assure the trustworthiness increases. In this article, we present a novel model-agnostic explanation method for AI models applied for Android malware detection. Our proposed method identifies and quantifies the data features relevance to the predictions by two steps: i) data perturbation that generates the synthetic data by manipulating features' values; and ii) optimization of features attribution values to seek significant changes of prediction scores on the perturbed data with minimal feature values changes. The proposed method is validated by three experiments. We firstly demonstrate that our proposed model explanation method can aid in discovering how AI models are evaded by adversarial samples quantitatively. In the following experiments, we compare the explainability and fidelity of our proposed method with state-of-the-arts, respectively.

Related papers

• PASA: Attack Agnostic Unsupervised Adversarial Detection using Prediction & Attribution Sensitivity Analysis [2.5347892611213614]
  Deep neural networks for classification are vulnerable to adversarial attacks, where small perturbations to input samples lead to incorrect predictions. We develop a practical method for this characteristic of model prediction and feature attribution to detect adversarial samples. Our approach demonstrates competitive performance even when an adversary is aware of the defense mechanism.
  arXiv  Detail & Related papers  (2024-04-12T21:22:21Z)
• Unleashing Mask: Explore the Intrinsic Out-of-Distribution Detection Capability [70.72426887518517]
  Out-of-distribution (OOD) detection is an indispensable aspect of secure AI when deploying machine learning models in real-world applications. We propose a novel method, Unleashing Mask, which aims to restore the OOD discriminative capabilities of the well-trained model with ID data. Our method utilizes a mask to figure out the memorized atypical samples, and then finetune the model or prune it with the introduced mask to forget them.
  arXiv  Detail & Related papers  (2023-06-06T14:23:34Z)
• Uncertainty-Aware AB3DMOT by Variational 3D Object Detection [74.8441634948334]
  Uncertainty estimation is an effective tool to provide statistically accurate predictions. In this paper, we propose a Variational Neural Network-based TANet 3D object detector to generate 3D object detections with uncertainty.
  arXiv  Detail & Related papers  (2023-02-12T14:30:03Z)
• Reliability-Aware Prediction via Uncertainty Learning for Person Image Retrieval [51.83967175585896]
  UAL aims at providing reliability-aware predictions by considering data uncertainty and model uncertainty simultaneously. Data uncertainty captures the noise" inherent in the sample, while model uncertainty depicts the model's confidence in the sample's prediction.
  arXiv  Detail & Related papers  (2022-10-24T17:53:20Z)
• Instance Attack:An Explanation-based Vulnerability Analysis Framework Against DNNs for Malware Detection [0.0]
  We propose the notion of the instance-based attack. Our scheme is interpretable and can work in a black-box environment. Our method operates in black-box settings and the results can be validated with domain knowledge.
  arXiv  Detail & Related papers  (2022-09-06T12:41:20Z)
• PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection [6.264663726458324]
  An explanation to an AI model's prediction used to support decision making in cyber security, is of critical importance. Most existing AI models lack the ability to provide explanations on their prediction results, despite their strong performance in most scenarios. We propose a novel explainable AI method, called PhilaeX, that provides the means to identify the optimized subset of features to form the complete explanations of AI models' predictions.
  arXiv  Detail & Related papers  (2022-07-02T05:06:24Z)
• Leveraging Unlabeled Data to Predict Out-of-Distribution Performance [63.740181251997306]
  Real-world machine learning deployments are characterized by mismatches between the source (training) and target (test) distributions. In this work, we investigate methods for predicting the target domain accuracy using only labeled source data and unlabeled target data. We propose Average Thresholded Confidence (ATC), a practical method that learns a threshold on the model's confidence, predicting accuracy as the fraction of unlabeled examples.
  arXiv  Detail & Related papers  (2022-01-11T23:01:12Z)
• On Predictive Explanation of Data Anomalies [3.1798318618973362]
  PROTEUS is an AutoML pipeline designed for feature selection on imbalanced datasets. It produces predictive explanations by approximating the decision surface of an unsupervised detector. It reliably estimates their predictive performance in unseen data.
  arXiv  Detail & Related papers  (2021-10-18T16:59:28Z)
• Beyond Trivial Counterfactual Explanations with Diverse Valuable Explanations [64.85696493596821]
  In computer vision applications, generative counterfactual methods indicate how to perturb a model's input to change its prediction. We propose a counterfactual method that learns a perturbation in a disentangled latent space that is constrained using a diversity-enforcing loss. Our model improves the success rate of producing high-quality valuable explanations when compared to previous state-of-the-art methods.
  arXiv  Detail & Related papers  (2021-03-18T12:57:34Z)
• Evaluating Explainable AI: Which Algorithmic Explanations Help Users Predict Model Behavior? [97.77183117452235]
  We carry out human subject tests to isolate the effect of algorithmic explanations on model interpretability. Clear evidence of method effectiveness is found in very few cases. Our results provide the first reliable and comprehensive estimates of how explanations influence simulatability.
  arXiv  Detail & Related papers  (2020-05-04T20:35:17Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.