An Explainable Machine Learning Model for Predicting Unknown Malware Using Network Traffic

Authors

  • Hussein Ali Ghadhban Salman, Amir Jalaly Bidgoly, Somayyeh Fallah

Keywords:

Malware detection, explainable AI, machine learning, deep learning, unknown malware.

Abstract

Due to the increasing complexity of malware threats, early detection of malware is a prominent issue in network security. Identifying malware using artificial intelligence approaches holds great promise for the security of the cyber world. Despite the extensive research on malware detection in this field, the lack of interpretability of artificial intelligence models means that users do not have enough confidence in the results the models predict. Explaining the prediction of an AI model can provide a sound basis for judging the final result of AI methods. In this work, we propose a new explainable AI method to interpret and investigate which features can be more effective in detecting future emerging malware. For this purpose, we carry out the evaluation in two stages. First, we examine the ability of deep and shallow models to correctly detect malware. The evaluation results show that the BLSTM and BLSTM-GRU deep learning models were able to detect unknown traffic attacks with a high accuracy of 89%. In the second stage, we extract the effective features from the model that had the best performance. We then interpret and explain why these features led to high accuracy in the output results.

Published

06.08.2024

How to Cite

Hussein Ali Ghadhban Salman. (2024). An Explainable Machine Learning Model for Predicting Unknown Malware Using Network Traffic. International Journal of Intelligent Systems and Applications in Engineering, 12(23s), 393–403. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/6880

Section

Research Article
