The Road Less Traveled: Investigating Robustness and Explainability in CNN Malware Detection
By: Matteo Brosolo, Vinod Puthuvath, Mauro Conti
Potential Business Impact:
Shows how computers spot bad software.
Machine learning has become a key tool in cybersecurity, improving both attack strategies and defense mechanisms. Deep learning models, particularly Convolutional Neural Networks (CNNs), have demonstrated high accuracy in detecting malware images generated from binary data. However, the decision-making process of these black-box models remains difficult to interpret. This study addresses this challenge by integrating quantitative analysis with explainability tools such as Occlusion Maps, HiResCAM, and SHAP to better understand CNN behavior in malware classification. We further demonstrate that obfuscation techniques can reduce model accuracy by up to 50%, and propose a mitigation strategy to enhance robustness. Additionally, we analyze heatmaps from multiple tests and outline a methodology for identification of artifacts, aiding researchers in conducting detailed manual investigations. This work contributes to improving the interpretability and resilience of deep learning-based intrusion detection systems
Similar Papers
Through the Static: Demystifying Malware Visualization via Explainability
Cryptography and Security
Helps computers spot bad files by showing how they think.
A Novel Study on Intelligent Methods and Explainable AI for Dynamic Malware Analysis
Cryptography and Security
Makes computer security programs easier to understand.
Optimized Approaches to Malware Detection: A Study of Machine Learning and Deep Learning Techniques
Cryptography and Security
Finds computer viruses faster and more accurately.