Publication Type
Journal Article
Version
acceptedVersion
Publication Date
1-2021
Abstract
With the rapid growth of Android malware, many machine learning-based malware analysis approaches are proposed to mitigate the severe phenomenon. However, such classifiers are opaque, non-intuitive, and difficult for analysts to understand the inner decision reason. For this reason, a variety of explanation approaches are proposed to interpret predictions by providing important features. Unfortunately, the explanation results obtained in the malware analysis domain cannot achieve a consensus in general, which makes the analysts confused about whether they can trust such results. In this work, we propose principled guidelines to assess the quality of five explanation approaches by designing three critical quantitative metrics to measure their stability, robustness, and effectiveness. Furthermore, we collect five widely-used malware datasets and apply the explanation approaches on them in two tasks, including malware detection and familial identification. Based on the generated explanation results, we conduct a sanity check of such explanation approaches in terms of the three metrics. The results demonstrate that our metrics can assess the explanation approaches and help us obtain the knowledge of most typical malicious behaviors for malware analysis.
Keywords
Android malware, Explanation approaches, Stability, Robustness, Effectiveness
Discipline
Information Security | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
IEEE Transactions on Information Forensics and Security
Volume
16
First Page
838
Last Page
853
ISSN
1556-6013
Identifier
10.1109/TIFS.2020.3021924
Publisher
Institute of Electrical and Electronics Engineers
Citation
FAN, Min; WEI, Wenying; XIE, Xiaofei; LIU, Yang; GUAN, Xiaohong; and LIU, Ting.
Can we trust your explanations? Sanity checks for interpreters in android malware analysis. (2021). IEEE Transactions on Information Forensics and Security. 16, 838-853.
Available at: https://ink.library.smu.edu.sg/sis_research/7101
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TIFS.2020.3021924