PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection
Zhi Lu, Vrizlynn L. L. Thing
TL;DR
PhilaeX is a novel explainable AI method that identifies key features influencing malware detection models, providing high-fidelity explanations and outperforming existing methods like LIME and SHAP.
Contribution
Introduces PhilaeX, a new heuristic approach for explaining AI predictions in malware detection, focusing on feature attribution and explanation fidelity.
Findings
PhilaeX accurately identifies activated features in adversarial malware samples.
It provides higher fidelity explanations compared to LIME and SHAP.
The method is effective across different classifier types.
Abstract
The explanation to an AI model's prediction used to support decision making in cyber security, is of critical importance. It is especially so when the model's incorrect prediction can lead to severe damages or even losses to lives and critical assets. However, most existing AI models lack the ability to provide explanations on their prediction results, despite their strong performance in most scenarios. In this work, we propose a novel explainable AI method, called PhilaeX, that provides the heuristic means to identify the optimized subset of features to form the complete explanations of AI models' predictions. It identifies the features that lead to the model's borderline prediction, and those with positive individual contributions are extracted. The feature attributions are then quantified through the optimization of a Ridge regression model. We verify the explanation fidelity through…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
MethodsShapley Additive Explanations · Local Interpretable Model-Agnostic Explanations