Go to DBLP homepageInterpretable Malware Classification based on Functional Analysis
Abstract: Malware is the crux of cyber-attacks, especially in the attacks of critical cyber(-physical) infrastructures, such as financial systems, transportation systems, smart grids, etc. Malware classification has caught extensive attention because it can help security personnel to discern the intent and severity of a piece of malware before appropriate actions will be taken to secure a critical cyber infrastructure. Existing machine learning-based malware classification methods have limitations on either their performance or their abilities to interpret the results. In this paper, we propose a novel malware classification model based on functional analysis of malware samples with the interpretability to show the importance of each function to a classification result. Experiment results show that our model outperforms existing state-of-the-art methods in malware family and severity classification and provide meaningful interpretations.
Loading