Titolo:  Explanation-Driven Characterization of Android Ransomware
Data di pubblicazione:  2021
Autori:  Scalas, Michele; Rieck, Konrad; Giacinto, Giorgio
Presenza coautori internazionali: 
Lingua:  Inglese
Titolo del libro:  Pattern Recognition. ICPR International Workshops and Challenges
ISBN:  978-3-030-68795-3
Tutti i curatori:  Alberto Del Bimbo, Rita Cucchiara, Stan Sclaroff, Giovanni Maria Farinella, Tao Mei, Marco Bertini, Hugo Jair Escalante, Roberto Vezzani
Sezione:  Contributo
Volume:  12663
Pagina iniziale:  228
Pagina finale:  242
Numero di pagine:  15
Digital Object Identifier (DOI):  http://dx.doi.org/10.1007/978-3-030-68796-0_17
Codice identificativo Scopus:  2-s2.0-85104351059
Revisione (peer review):  Esperti anonimi
Nome del convegno:  EDL-AI - Explainable Deep Learning/AI
Periodo del convegno:  January 10–15, 2021
Luogo del convegno:  Virtual Event
Abstract:  Machine learning is currently successfully used for addressing several cybersecurity detection and classification tasks. Typically, such detectors are modeled through complex learning algorithms employing a wide variety of features. Although these settings allow achieving considerable performances, gaining insights on the learned knowledge turns out to be a hard task. To address this issue, research efforts on the interpretability of machine learning approaches to cybersecurity tasks is currently rising. In particular, relying on explanations could improve prevention and detection capabilities since they could help human experts to find out the distinctive features that truly characterize malware attacks. In this perspective, Android ransomware represents a serious threat. Leveraging state-of-the-art explanation techniques, we present a first approach that enables the identification of the most influential discriminative features for ransomware characterization. We propose strategies to adopt explanation techniques appropriately and describe ransomware families and their evolution over time. Reported results suggest that our proposal can help cyber threat intelligence teams in the early detection of new ransomware families, and could be applicable to other malware detection systems through the identification of their distinctive features.
Tipologia: 4.1 Contributo in Atti di convegno

File in questo prodotto:
File Descrizione Tipologia Licenza  
ICPR_WS_2020___Explanation_driven_Characterization_of_Android_Ransomware.pdf  versione pre-print Administrator   Richiedi una copia

Questionario e social

Condividi su: