Domain-specific requirements for explainable AI methods applied to Android malware detection

Mobile devices have become indispensable in the last decade, and the world has seen an explosive growth of mobile application markets. This growth has attracted various adversaries, and nowadays the threat of mobile malware has become one of the key cyber security challenges. Given the deluge of mobile apps to check, thorough manual inspection is no longer feasible. Therefore, machine learning and AI-based approaches have emerged as the solution. Still, it is not satisfactory to only be able to classify an app as malicious or benign: security analysts need to understand why this classification decision was taken. Explainable AI (XAI) methods are then applied for interpreting the classification model and advising the security analysts why a certain sample is recognized as malicious.

In this talk I will introduce the Android malware detection problem and the existing XAI approaches applied in this area. I will then discuss domain-specific requirements for XAI methods that security analysts have and will formulate properties that express these requirements. I will also compare several established XAI methods based on these desired properties, and sketch future XAI research directions that can help our society to combat malware. 

• artificial intelligence
• sails