Explainable machine learning-based cybersecurity detection using LIME and Secml

Abstract

The field of Explainable Artificial Intelligence (XAI) has gained significant momentum in recent years. This discipline is focused on developing novel approaches to explain and interpret the functioning of machine learning algorithms. As machine learning techniques increasingly adopt “black box” methods, there is growing confusion about how these algorithms work and make decisions. This uncertainty has made it challenging to implement machine learning in sensitive and critical fields. To address this issue, research in machine learning interpretability has become crucial. One particular area that requires attention is the detection process and classification of malware. Handling and preparing data for malware detection poses significant difficulties for machine learning algorithms. Thus, explainability is a critical requirement in current research. Our research leverages XAI, a novel design of explainable artificial intelligence that uses cybersecurity data to gain knowledge about the composition of malware from the Microsoft large benchmark dataset-Microsoft Malware Classification Challenge (BIG 2015). We use the LIME explainability technique and the Secml python library to develop explainable prediction results about the class of malware. We achieved 94% accuracy using Decision Tree classifier.