Empirical Quantification of Spurious Correlations in Malware Detection
By: Bianca Perasso , Ludovico Lozza , Andrea Ponte and more
Potential Business Impact:
Finds hidden computer virus tricks.
End-to-end deep learning exhibits unmatched performance for detecting malware, but such an achievement is reached by exploiting spurious correlations -- features with high relevance at inference time, but known to be useless through domain knowledge. While previous work highlighted that deep networks mainly focus on metadata, none investigated the phenomenon further, without quantifying their impact on the decision. In this work, we deepen our understanding of how spurious correlation affects deep learning for malware detection by highlighting how much models rely on empty spaces left by the compiler, which diminishes the relevance of the compiled code. Through our seminal analysis on a small-scale balanced dataset, we introduce a ranking of two end-to-end models to better understand which is more suitable to be put in production.
Similar Papers
Severing Spurious Correlations with Data Pruning
Machine Learning (CS)
Cleans computer learning data to prevent mistakes.
Optimized Approaches to Malware Detection: A Study of Machine Learning and Deep Learning Techniques
Cryptography and Security
Finds computer viruses faster and more accurately.
The Road Less Traveled: Investigating Robustness and Explainability in CNN Malware Detection
Cryptography and Security
Shows how computers spot bad software.