Explainable Machine Learning For Malware Detection Using Ensemble Bagging Algorithms

Abstract

Vulnerabilities in various software products can be used to attack the security systems in any organization anywhere. Malware is downloaded after a click on the hyperlink by the unsuspecting user and used as the exploitation tool for the vulnerabilities in systems for attacks. Detecting a large number of malware effectively can be possible by machine learning. However, Machine learning based systems have misclassification as false positives and false negatives. Novelty in this paper is to improve the efficiency and robustness of ensemble bagging algorithm Extra tree to detect malware effectively and robustly by explainable machine learning. The paper uses waterfall plots based on Shapley value to detect the trends in features for misclassification. The trends in the five topmost features for misclassification are used to make inductive rules. The inductive rules are applied to overcome misclassification and enhance the performance of bagging algorithms. The inductive rules can be applied to effectively detect unknown future malware known as zero-day malware preventing the attack on security systems. The accuracy for the Extra tree bagging algorithm is 98.1% for future unknown malware. Considering, that the misclassified samples are also detected by the inductive rules the accuracy is 100%. Heatmap based on Shapley value of features confirms the topmost features for all the misclassified samples in the dataset and strengthens the inductive rule.