Explanation-Driven Characterization of Android Ransomware

Scalas, Michele; Giacinto, Giorgio
2021

Abstract

Machine learning is currently used successfully for several cybersecurity detection and classification tasks. Typically, such detectors are modeled through complex learning algorithms employing a wide variety of features. Although these settings achieve considerable performance, gaining insight into the learned knowledge turns out to be a hard task. To address this issue, research efforts on the interpretability of machine learning approaches to cybersecurity tasks are currently rising. In particular, relying on explanations could improve prevention and detection capabilities, since they could help human experts find the distinctive features that truly characterize malware attacks. In this perspective, Android ransomware represents a serious threat. Leveraging state-of-the-art explanation techniques, we present a first approach that enables the identification of the most influential discriminative features for ransomware characterization. We propose strategies to adopt explanation techniques appropriately and describe ransomware families and their evolution over time. Reported results suggest that our proposal can help cyber threat intelligence teams in the early detection of new ransomware families, and could be applicable to other malware detection systems through the identification of their distinctive features.
English
Pattern Recognition. ICPR International Workshops and Challenges
978-3-030-68795-3
978-3-030-68796-0
Alberto Del Bimbo, Rita Cucchiara, Stan Sclaroff, Giovanni Maria Farinella, Tao Mei, Marco Bertini, Hugo Jair Escalante, Roberto Vezzani
12663
228
242
15
EDL-AI - Explainable Deep Learning/AI
Contribution
Anonymous experts
January 10–15, 2021
Virtual Event
international
scientific
Android; Ransomware; Malware detection; Interpretability; Machine learning
4 Contribution in Conference Proceedings (Proceeding)::4.1 Contribution in Conference Proceedings
Scalas, Michele; Rieck, Konrad; Giacinto, Giorgio
273
3
4.1 Contribution in Conference Proceedings
reserved
info:eu-repo/semantics/conferencePaper
Files in This Item:
File Size Format  
ICPR_WS_2020___Explanation_driven_Characterization_of_Android_Ransomware.pdf

Archive managers only

Type: pre-print version
Size 765.11 kB
Format Adobe PDF

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
