Jiaxing Zhou, Tao Ban, Tomohiro Morikawa, Takeshi Takahashi, D. Inoue
Color-coded Attribute Graph: Visual Exploration of Distinctive Traits of IoT-Malware Families
2023 IEEE Symposium on Computers and Communications (ISCC), published 2023-07-09
DOI: 10.1109/ISCC58397.2023.10217974 (https://doi.org/10.1109/ISCC58397.2023.10217974)
Citations: 0
Abstract
This study investigates the use of explainable artificial intelligence (XAI) to identify the unique features distinguishing malware families and subspecies. The proposed method, called the color-coded attribute graph (CAG), employs XAI and visualization techniques to create a visual representation of malware samples. The CAG utilizes the feature importance scores (ISs) obtained from a pre-trained classifier model and a scale function to normalize the scores for visualization. The approach assigns each family a representative color. The features are color-coded according to their relevance to the malware family. This work evaluates the proposed method on a dataset of 13,823 Internet of Things malware samples and compares two approaches for feature IS extraction using Linear Support Vector Machine and Local Interpretable Model-Agnostic Explanations. The experimental results demonstrate the effectiveness of the CAG in interpreting machine learning-based methods for malware detection and classification, leading to more accurate analyses.