The revolution and vision of explainable AI for Android malware detection and protection

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2024-08-06 DOI:10.1016/j.iot.2024.101320

Shamsher Ullah , Jianqiang Li , Farhan Ullah , Jie Chen , Ikram Ali , Salabat Khan , Abdul Ahad , Victor C.M. Leung

{"title":"The revolution and vision of explainable AI for Android malware detection and protection","authors":"Shamsher Ullah , Jianqiang Li , Farhan Ullah , Jie Chen , Ikram Ali , Salabat Khan , Abdul Ahad , Victor C.M. Leung","doi":"10.1016/j.iot.2024.101320","DOIUrl":null,"url":null,"abstract":"<div><p>The rise and exponential growth in complexity and widespread use of Android mobile devices have resulted in corresponding detrimental consequences within the realm of cyber-attacks. The Android-based device platform is now facing significant challenges from several attack vectors, including but not limited to denial of service (DoS), botnets, phishing, social engineering, malware, and other forms of cyber threats. Among the many threats faced by users, it has been observed that instances of malware attacks against Android phones have become a frequent and regular phenomenon. In contrast to previous studies that concentrated on evaluating the detection skills of machine learning (ML) classifiers in determining the causes, our research is primarily focused on the revolution and vision of eXplainable AI (XAI) for Android malware detection and protection. The XAI that we have presented aims to investigate how machine learning-based models acquire knowledge during the training phase. Our proposed XAI main goal is to study and figure out what makes machine learning-based malware classifiers work so well in controlled lab settings that might not accurately reflect real-life situations. It has been observed that the presence of temporal sample irregularities within the training dataset leads to inflated classification performance, resulting in too optimistic F1 scores and accuracy rates of up to 96.11%, 90.24%, and 99.48% respectively.</p></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":null,"pages":null},"PeriodicalIF":6.0000,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524002610","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The rise and exponential growth in complexity and widespread use of Android mobile devices have resulted in corresponding detrimental consequences within the realm of cyber-attacks. The Android-based device platform is now facing significant challenges from several attack vectors, including but not limited to denial of service (DoS), botnets, phishing, social engineering, malware, and other forms of cyber threats. Among the many threats faced by users, it has been observed that instances of malware attacks against Android phones have become a frequent and regular phenomenon. In contrast to previous studies that concentrated on evaluating the detection skills of machine learning (ML) classifiers in determining the causes, our research is primarily focused on the revolution and vision of eXplainable AI (XAI) for Android malware detection and protection. The XAI that we have presented aims to investigate how machine learning-based models acquire knowledge during the training phase. Our proposed XAI main goal is to study and figure out what makes machine learning-based malware classifiers work so well in controlled lab settings that might not accurately reflect real-life situations. It has been observed that the presence of temporal sample irregularities within the training dataset leads to inflated classification performance, resulting in too optimistic F1 scores and accuracy rates of up to 96.11%, 90.24%, and 99.48% respectively.

查看原文本刊更多论文

用于安卓恶意软件检测和保护的可解释人工智能的革命和愿景

随着安卓移动设备的兴起和指数级增长，其复杂性和广泛使用给网络攻击领域带来了相应的负面影响。基于安卓的设备平台目前正面临着来自多种攻击载体的重大挑战，包括但不限于拒绝服务（DoS）、僵尸网络、网络钓鱼、社交工程、恶意软件和其他形式的网络威胁。在用户面临的众多威胁中，据观察，针对安卓手机的恶意软件攻击事件已成为一种频繁发生的常规现象。与以往研究集中于评估机器学习（ML）分类器在确定原因方面的检测技能不同，我们的研究主要集中于用于安卓恶意软件检测和保护的可解释人工智能（XAI）的革命和愿景。我们提出的 XAI 旨在研究基于机器学习的模型如何在训练阶段获取知识。我们提出的 XAI 的主要目标是研究并弄清是什么让基于机器学习的恶意软件分类器在受控实验室环境下工作得如此出色，而这些环境可能无法准确反映现实生活中的情况。据观察，训练数据集中存在的时间样本不规则性会导致分类性能膨胀，从而导致过于乐观的 F1 分数和准确率分别高达 96.11%、90.24% 和 99.48%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.