Explainable Deep Learning Models for Dynamic and Online Malware Classification

• URL: http://arxiv.org/abs/2404.12473v1
• Date: Thu, 18 Apr 2024 19:07:51 GMT
• Title: Explainable Deep Learning Models for Dynamic and Online Malware Classification
• Authors: Quincy Card, Daniel Simpson, Kshitiz Aryal, Maanak Gupta, Sheikh Rabiul Islam,
• Abstract summary: Our paper aims to delve into explainable malware classification across various execution environments. We train Feed Forward Neural Networks (FFNN) and Convolutional Neural Networks (CNN) to classify malware based on features obtained from dynamic and online analysis environments. We perform a detailed evaluation of the calculated global and local explanations from the experiments, discuss limitations and, ultimately, offer recommendations for achieving a balanced approach.
• Score: 0.856335408411906
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: In recent years, there has been a significant surge in malware attacks, necessitating more advanced preventive measures and remedial strategies. While several successful AI-based malware classification approaches exist categorized into static, dynamic, or online analysis, most successful AI models lack easily interpretable decisions and explanations for their processes. Our paper aims to delve into explainable malware classification across various execution environments (such as dynamic and online), thoroughly analyzing their respective strengths, weaknesses, and commonalities. To evaluate our approach, we train Feed Forward Neural Networks (FFNN) and Convolutional Neural Networks (CNN) to classify malware based on features obtained from dynamic and online analysis environments. The feature attribution for malware classification is performed by explainability tools, SHAP, LIME and Permutation Importance. We perform a detailed evaluation of the calculated global and local explanations from the experiments, discuss limitations and, ultimately, offer recommendations for achieving a balanced approach.

Related papers

• Neural Networks Decoded: Targeted and Robust Analysis of Neural Network Decisions via Causal Explanations and Reasoning [9.947555560412397]
  We introduce TRACER, a novel method grounded in causal inference theory to estimate the causal dynamics underpinning DNN decisions. Our approach systematically intervenes on input features to observe how specific changes propagate through the network, affecting internal activations and final outputs. TRACER further enhances explainability by generating counterfactuals that reveal possible model biases and offer contrastive explanations for misclassifications.
  arXiv  Detail & Related papers  (2024-10-07T20:44:53Z)
• Explainability-Informed Targeted Malware Misclassification [0.0]
  Machine learning models for malware classification into categories have shown promising results. Deep neural networks have shown vulnerabilities against intentionally crafted adversarial attacks. Our paper explores such adversarial vulnerabilities of neural network based malware classification system.
  arXiv  Detail & Related papers  (2024-05-07T04:59:19Z)
• Comprehensive evaluation of Mal-API-2019 dataset by machine learning in malware detection [0.5475886285082937]
  This study conducts a thorough examination of malware detection using machine learning techniques. The aim is to advance cybersecurity capabilities by identifying and mitigating threats more effectively.
  arXiv  Detail & Related papers  (2024-03-04T17:22:43Z)
• Analyzing Adversarial Inputs in Deep Reinforcement Learning [53.3760591018817]
  We present a comprehensive analysis of the characterization of adversarial inputs, through the lens of formal verification. We introduce a novel metric, the Adversarial Rate, to classify models based on their susceptibility to such perturbations. Our analysis empirically demonstrates how adversarial inputs can affect the safety of a given DRL system with respect to such perturbations.
  arXiv  Detail & Related papers  (2024-02-07T21:58:40Z)
• Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey [114.17568992164303]
  Adrial attacks and defenses in machine learning and deep neural network have been gaining significant attention. This survey provides a comprehensive overview of the recent advancements in the field of adversarial attack and defense techniques. New avenues of attack are also explored, including search-based, decision-based, drop-based, and physical-world attacks.
  arXiv  Detail & Related papers  (2023-03-11T04:19:31Z)
• Dynamics-aware Adversarial Attack of Adaptive Neural Networks [75.50214601278455]
  We investigate the dynamics-aware adversarial attack problem of adaptive neural networks. We propose a Leaded Gradient Method (LGM) and show the significant effects of the lagged gradient. Our LGM achieves impressive adversarial attack performance compared with the dynamic-unaware attack methods.
  arXiv  Detail & Related papers  (2022-10-15T01:32:08Z)
• Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
  We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks. We present an adversarial training strategy that mitigates the impact of such simulated attacks.
  arXiv  Detail & Related papers  (2022-03-25T19:57:19Z)
• Gone Fishing: Neural Active Learning with Fisher Embeddings [55.08537975896764]
  There is an increasing need for active learning algorithms that are compatible with deep neural networks. This article introduces BAIT, a practical representation of tractable, and high-performing active learning algorithm for neural networks.
  arXiv  Detail & Related papers  (2021-06-17T17:26:31Z)
• Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles [69.9674326582747]
  This paper presents a visual framework to investigate neural network models subjected to adversarial examples. We show how observing these elements can quickly pinpoint exploited areas in a model.
  arXiv  Detail & Related papers  (2021-03-18T13:04:21Z)
• A novel DL approach to PE malware detection: exploring Glove vectorization, MCC_RCNN and feature fusion [0.0]
  We propose the DL-based approaches for detection and use static-based features fed up into models. We implement a neural network model called MCC_RCNN, comprising of the combination with CNN and RNN. Our proposed classification methods can obtain a higher prediction accuracy than the other baseline methods.
  arXiv  Detail & Related papers  (2021-01-22T07:08:10Z)
• An Adversarial Approach for Explaining the Predictions of Deep Neural Networks [9.645196221785694]
  We present a novel algorithm for explaining the predictions of a deep neural network (DNN) using adversarial machine learning. Our approach identifies the relative importance of input features in relation to the predictions based on the behavior of an adversarial attack on the DNN. Our analysis enables us to produce consistent and efficient explanations.
  arXiv  Detail & Related papers  (2020-05-20T18:06:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.