Can we trust your explanations? Sanity checks for interpreters in android malware analysis

Ming Fan, Wenying Wei, Xiaofei Xie, Yang Liu, Xiaohong Guan, Ting Liu

研究成果: Contribution to journalArticle査読

2 被引用数 (Scopus)

抄録

With the rapid growth of Android malware, many machine learning-based malware analysis approaches are proposed to mitigate the severe phenomenon. However, such classifiers are opaque, non-intuitive, and difficult for analysts to understand the inner decision reason. For this reason, a variety of explanation approaches are proposed to interpret predictions by providing important features. Unfortunately, the explanation results obtained in the malware analysis domain cannot achieve a consensus in general, which makes the analysts confused about whether they can trust such results. In this work, we propose principled guidelines to assess the quality of five explanation approaches by designing three critical quantitative metrics to measure their stability, robustness, and effectiveness. Furthermore, we collect five widely-used malware datasets and apply the explanation approaches on them in two tasks, including malware detection and familial identification. Based on the generated explanation results, we conduct a sanity check of such explanation approaches in terms of the three metrics. The results demonstrate that our metrics can assess the explanation approaches and help us obtain the knowledge of most typical malicious behaviors for malware analysis.

本文言語英語
論文番号9186721
ページ(範囲)838-853
ページ数16
ジャーナルIEEE Transactions on Information Forensics and Security
16
DOI
出版ステータス出版済み - 2021
外部発表はい

All Science Journal Classification (ASJC) codes

  • 安全性、リスク、信頼性、品質管理
  • コンピュータ ネットワークおよび通信

フィンガープリント

「Can we trust your explanations? Sanity checks for interpreters in android malware analysis」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル