# Evaluating Explanation Methods for Deep Learning in Security

**Authors:** Alexander Warnecke, Daniel Arp, Christian Wressnegger, Konrad Rieck

arXiv: 1906.02108 · 2020-04-28

## TL;DR

This paper evaluates various explanation methods for deep learning in security, establishing criteria for their effectiveness and robustness, and providing recommendations for their application in malware detection and vulnerability discovery.

## Contribution

The paper introduces specific criteria for assessing explanation methods in security and compares six popular approaches to guide their effective use.

## Key findings

- Significant differences were found between explanation methods in security contexts.
- Certain methods demonstrate higher robustness and efficiency for malware detection.
- The paper derives recommendations for selecting appropriate explanation techniques in security systems.

## Abstract

Deep learning is increasingly used as a building block of security systems. Unfortunately, neural networks are hard to interpret and typically opaque to the practitioner. The machine learning community has started to address this problem by developing methods for explaining the predictions of neural networks. While several of these approaches have been successfully applied in the area of computer vision, their application in security has received little attention so far. It is an open question which explanation methods are appropriate for computer security and what requirements they need to satisfy. In this paper, we introduce criteria for comparing and evaluating explanation methods in the context of computer security. These cover general properties, such as the accuracy of explanations, as well as security-focused aspects, such as the completeness, efficiency, and robustness. Based on our criteria, we investigate six popular explanation methods and assess their utility in security systems for malware detection and vulnerability discovery. We observe significant differences between the methods and build on these to derive general recommendations for selecting and applying explanation methods in computer security.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.02108/full.md

## Figures

19 figures with captions in the complete paper: https://tomesphere.com/paper/1906.02108/full.md

## References

57 references — full list in the complete paper: https://tomesphere.com/paper/1906.02108/full.md

---
Source: https://tomesphere.com/paper/1906.02108