PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection

Zhi Lu; Vrizlynn Thing

doi:10.5220/0010986700003194

PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection

Zhi Lu, Vrizlynn Thing

2022

Abstract

The explanation to an AI model’s prediction used to support decision making in cyber security, is of critical importance. It is especially so when the model’s incorrect prediction can lead to severe damages or even losses to lives and critical assets. However, most existing AI models lack the ability to provide explanations on their prediction results, despite their strong performance in most scenarios. In this work, we propose a novel explainable AI method, called PhilaeX, that provides the heuristic means to identify the optimized subset of features to form the complete explanations of AI models’ predictions. It identifies the features that lead to the model’s borderline prediction, and those with positive individual contributions are extracted. The feature attributions are then quantified through the optimization of a Ridge regression model. We verify the explanation fidelity through two experiments. First, we assess our method’s capability in correctly identifying the activated features in the adversarial samples of Android malwares, through the features attribution values from PhilaeX. Second, the deduction and augmentation tests, are used to assess the fidelity of the explanations. The results show that PhilaeX is able to explain different types of classifiers correctly, with higher fidelity explanations, compared to the state-of-the-arts methods such as LIME and SHAP.

Download

Paper Citation

in Harvard Style

Lu Z. and Thing V. (2022). PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection. In Proceedings of the 7th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-564-7, pages 37-46. DOI: 10.5220/0010986700003194

in Bibtex Style

@conference{iotbds22,
author={Zhi Lu and Vrizlynn Thing},
title={PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection},
booktitle={Proceedings of the 7th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,},
year={2022},
pages={37-46},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010986700003194},
isbn={978-989-758-564-7},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,
TI - PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection
SN - 978-989-758-564-7
AU - Lu Z.
AU - Thing V.
PY - 2022
SP - 37
EP - 46
DO - 10.5220/0010986700003194