Can we trust your explanations? Sanity checks for interpreters in android malware analysis
With the rapid growth of Android malware, many machine learning-based malware analysis approaches are proposed to mitigate the severe phenomenon. However, such classifiers are opaque, non-intuitive, and difficult for analysts to understand the inner decision reason. For this reason, a variety of exp...
Main Authors: | FAN, Min; WEI, Wenying; XIE, Xiaofei; LIU, Yang; GUAN, Xiaohong; LIU, Ting |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2021 |
Subjects: | Android malware; Explanation approaches; Stability; Robustness; Effectiveness; Information Security; Software Engineering |
Online Access: | https://ink.library.smu.edu.sg/sis_research/7101 https://ink.library.smu.edu.sg/context/sis_research/article/8104/viewcontent/2008.05895.pdf |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-8104 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-8104 2024-02-28T00:35:58Z; 2021-01-01T08:00:00Z; text; application/pdf; info:doi/10.1109/TIFS.2020.3021924; http://creativecommons.org/licenses/by-nc-nd/4.0/; Research Collection School Of Computing and Information Systems; eng |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
topic |
Android malware Explanation approaches Stability Robustness Effectiveness Information Security Software Engineering |
description |
With the rapid growth of Android malware, many machine learning-based malware analysis approaches are proposed to mitigate the severe phenomenon. However, such classifiers are opaque, non-intuitive, and difficult for analysts to understand the inner decision reason. For this reason, a variety of explanation approaches are proposed to interpret predictions by providing important features. Unfortunately, the explanation results obtained in the malware analysis domain cannot achieve a consensus in general, which makes the analysts confused about whether they can trust such results. In this work, we propose principled guidelines to assess the quality of five explanation approaches by designing three critical quantitative metrics to measure their stability, robustness, and effectiveness. Furthermore, we collect five widely-used malware datasets and apply the explanation approaches on them in two tasks, including malware detection and familial identification. Based on the generated explanation results, we conduct a sanity check of such explanation approaches in terms of the three metrics. The results demonstrate that our metrics can assess the explanation approaches and help us obtain the knowledge of most typical malicious behaviors for malware analysis. |
format |
text |
author |
FAN, Min WEI, Wenying XIE, Xiaofei LIU, Yang GUAN, Xiaohong LIU, Ting |
title |
Can we trust your explanations? Sanity checks for interpreters in android malware analysis |