Can We Trust Your Explanations? Sanity Checks for Interpreters in Android Malware Analysis

by   Ming Fan, et al.

With the rapid growth of Android malware, many machine learning-based malware analysis approaches are proposed to mitigate the severe phenomenon. However, such classifiers are opaque, non-intuitive, and difficult for analysts to understand the inner decision reason. For this reason, a variety of explanation approaches are proposed to interpret predictions by providing important features. Unfortunately, the explanation results obtained in the malware analysis domain cannot achieve a consensus in general, which makes the analysts confused about whether they can trust such results. In this work, we propose principled guidelines to assess the quality of five explanation approaches by designing three critical quantitative metrics to measure their stability, robustness, and effectiveness. Furthermore, we collect five widely-used malware datasets and apply the explanation approaches on them in two tasks, including malware detection and familial identification. Based on the generated explanation results, we conduct a sanity check of such explanation approaches in terms of the three metrics. The results demonstrate that our metrics can assess the explanation approaches and help us obtain the knowledge of most typical malicious behaviors for malware analysis.



There are no comments yet.


page 1


Analyzing, Comparing, and Detecting Emerging Malware: A Graph-based Approach

The growth in the number of Android and Internet of Things (IoT) devices...

Obfuscation-resilient Android Malware Analysis Based on Contrastive Learning

Due to its open-source nature, Android operating system has been the mai...

EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning

The Android operating system has become the most popular operating syste...

Regularizing Reasons for Outfit Evaluation with Gradient Penalty

In this paper, we build an outfit evaluation system which provides feedb...

Towards Interpretable Ensemble Learning for Image-based Malware Detection

Deep learning (DL) models for image-based malware detection have exhibit...

Evaluation Criteria for Instance-based Explanation

Explaining predictions made by complex machine learning models helps use...

Do Gradient-based Explanations Tell Anything About Adversarial Robustness to Android Malware?

Machine-learning algorithms trained on features extracted from static co...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.