Malware detection is a challenging application due to the rapid evolution of attack techniques, and traditional signature-based approaches struggle with the high volume of malware samples. Machine learning approaches face such limitation, but lack a clear interpretability, whereas interpretable models often underperform. This paper proposes to use Logic Explained Networks (LENs), a recently proposed class of interpretable neural networks that provide explanations using First-Order Logic rules, for malware detection. Applied to the EMBER dataset, LENs show robustness superior to traditional interpretable methods and performance comparable to black-box models. Additionally, we introduce a tailored LEN version improving the fidelity of logic-based explanations.
Malware detection is crucial in cybersecurity due to the rapid evolution of attack techniques, and
traditional signature-based methods from companies like Comodo, Kaspersky, and Symantec
struggle to keep up with the millions of new malware samples each year [
Recently, Logic Explained Networks (LENs) [
This paper makes three main contributions: (i) it shows that Logic Explained Networks are efective for malware detection, providing meaningful explanations and predictive performance comparable to state-of-the-art black box models while outperforming other interpretable models, (ii) it introduces an improved rule extraction process for LENs, enhancing scalability, fidelity, complexity, and predictive accuracy, and (iii) it ofers an in-depth analysis of the extracted rules, evaluating their fidelity, complexity, and accuracy as input feature size increases.
Machine Learning Approaches. Machine learning techniques are commonly used to train malware detectors and uncover complex patterns in malicious software [10, 11, 12]. While deep learning shows promising results due to its ability to learn from large datasets and generalize to unknown samples [13], several limitations remain, including low generalization performance for unseen malware samples. Moreover, classical machine learning models act as black-boxes, hindering explainability. In security-critical domains, interpretability is crucial for trust and legal compliance [14, 15, 16, 17]. Indeed, cybersecurity experts need insights into model decisions to enhance system trustworthiness.
Interpretable AI Models. Interpretable models (e.g., linear regression, decision trees) ofer
explanations, but struggle with complex features [18]. These methods prioritize
interpretability over performance, unlike deep neural networks [19]. To address this trade-of, various
techniques have been proposed. One such method is permutation feature importance, which
interprets a wide range of machine learning models but comes with high computational costs [20].
Additionally, surrogate model methods like LIME [21] and SHAP [22] approximate the target
model using interpretable models. However, their expressive ability may not match that of the
complex target model, leading to inaccurate interpretations [
Logic Explained Networks [
Formally, a LEN can be defined as a map from = [
As a special case, in malware detection we have = 2 classes, i.e. {malware, benign}. In
general, for each sample , with ∈ {1, . . . , }, a prediction () = 1 is locally explained
by the conjunction of the most relevant input features () = ⋀︀∈()(¬) , where is
a logic predicate associated with the -th input feature, and () is the set of relevant input
features for the -th task. Notice that each can occur as a positive or negative ¬ literal,
according to a given threshold (e.g. 0.5). The most representative local explanations can be
aggregated to get a global explanation = ⋁︀()∈() (), where () collects the -most
frequent local explanations for the class in the training set. We will refer later to such global
explanations as raw LEN explanations. To prevent too complex global explanations, Gabriele
et al. [
Standard LEN explanations are more accessible than raw ones but still have some drawbacks,
such as (i) determining the optimal -value can be computationally intensive, (ii) selecting
top- local explanations based on their individual accuracy tends to select explanations that
increase false positives rate, due to favoring high recall over precision, which is not preferable
to construct a robust discrimination against malware. To enhance global LEN explanations
for malware detection, this paper introduces what we call the Tailored-LEN explanation
method, which uses a line search optimization to find the best threshold for choosing the
right combination of local explanations, and removing terms from outlier samples to improve
explanation quality. More specifically, we used a precision threshold to aggregate the local
explanations, aiming to reduce false positives and avoid misrepresenting the model. Then,
Model
LGBM[
No No No No No No Yes Yes Yes Yes Yes an optimization process iteratively adjusts this threshold to find an optimal balance between precision and recall. The best solution is a simplified formula that improves validation accuracy, and only beneficial local explanations are included in the final Tailored-LEN global explanation. The details of this method can be found in Algorithm 1 in the Appendix.
All the experiments carried out in this section are based on the EMBER dataset [9], a well-known
dataset for malware detection with 800, 000 labelled (400, 000 benign and 400, 000 malicious)
and 300, 000 unlabelled samples, respectively. For our experimental analysis we utilized the
version with derived features, as defined by Mojžiš and Kenyeres [
Comparison against black-box models. We compare LENs with black-box models using the full EMBER dataset, with 600k samples allocated for training and 200k samples for testing. We also evaluated the performances of LENs varying diferent subsets’ size of the most informative features, ranging from 10 to 2000 features, to observe the impact on the model’s results. Results. Table 1 shows that LENs have high performances in malware detection, achieving an accuracy of at least 92.07% and an F1-score of 92.17% with a minimum of 100 features. The performances are slightly lower with the full feature set, possibly due to the feature binarization process, which increases the feature dimensionality and potentially introduces noise. Despite this, LENs closely match the best deep-learning black-box models, with less than a 5% diference in most metrics. Notably, LENs are competitive even with a small feature set and maintain high generalization capabilities with larger feature sizes. In addition, the key advantage of LENs over black-box models is their interpretability, which provides insights into the decision-making process.
Comparison against interpretable approaches. We identified two significant
contributions for interpretable malware detection using the EMBER dataset: (i) the concept learning
method by Švec et al. [
LEN Raw Explanation 0.65 TSatailonrdeadr-dL-ELNENExEpxlpl
LEN 0.60 5.0 7.5 10.0 12.5 15.0 17.5 20.0 22.5 25.0
Feature Size (a) Comparison based on accuracy 1.0 1.0
Fidelities over different Feature Sizes 1.0 0.98 0.96 decision tree models, their performance is on par with the J48-ESFS model.
Analysis of provided Explanations. The Tailored-LEN explanation method (Section 4) was
evaluated against the Raw-LEN and Standard-LEN methods proposed in the original paper [
This paper studies the application of Logic Explained Networks to malware detection. The conducted experiments demonstrate that LENs can attain performance comparable to complex black-box neural models, while maintaining explenability and outperforming other interpretable machine learning alternatives in terms of eficacy.
Furthermore, this study introduces a novel algorithm designed to extract global explanations from LENs. This algorithm improves the predictive precision of LENs, while yielding explanations characterized by both elevated fidelity and reduced complexity. The findings support the claim that LENs are a promising candidate for the integration of explainable methodologies into malware detectors.
This work was supported by the TAILOR Collaboration Exchange Fund (CEF) under the European Union’s Horizon 2020 research and innovation program GA No 952215. This work has been also supported by the Partnership Extended PE00000013 - “FAIR - Future Artificial Intelligence Research” - Spoke 1 “Human-centered AI”. The work was also sponsored by the Slovak Republic under the grant no. APVV-19-0220 (ORBIS). [9] H. S. Anderson, P. Roth, Ember: an open dataset for training static pe malware machine learning models, arXiv preprint arXiv:1804.04637 (2018). [10] S. Millar, N. McLaughlin, J. Martinez del Rincon, P. Miller, Z. Zhao, Dandroid: A multiview discriminative adversarial network for obfuscated android malware detection, in: Proceedings of the tenth ACM conference on data and application security and privacy, 2020, pp. 353–364. [11] S. Millar, N. McLaughlin, J. M. del Rincon, P. Miller, Multi-view deep learning for zeroday android malware detection, Journal of Information Security and Applications 58 (2021) 102718. URL: https://www.sciencedirect.com/science/article/pii/S2214212620308577. doi:https://doi.org/10.1016/j.jisa.2020.102718. [12] Y. Ye, L. Chen, S. Hou, W. Hardy, X. Li, Deepam: a heterogeneous deep learning framework for intelligent malware detection, Knowledge and Information Systems 54 (2018) 265–285. [13] P. S. H. K. J. Hirpara, Exploring the diverse applications of deep learning across multiple domains, Recent Research Reviews Journal 4 (2023) 100692. URL: https://irojournals.com/ rrrj/articles/view/2/1/16. doi:http://dx.doi.org/10.36548/rrrj.2023.1.16. [14] G. Iadarola, F. Martinelli, F. Mercaldo, A. Santone, Towards an interpretable deep learning model for mobile malware detection and family identification, Computers & Security 105 (2021) 102198. URL: https://www.sciencedirect.com/science/article/pii/S0167404821000225. doi:https://doi.org/10.1016/j.cose.2021.102198. [15] A. Mills, T. Spyridopoulos, P. Legg, Eficient and interpretable real-time malware detection using random-forest, in: 2019 International conference on cyber situational awareness, data analytics and assessment (Cyber SA), IEEE, 2019, pp. 1–8. [16] B. Marais, T. Quertier, C. Chesneau, Malware analysis with artificial intelligence and a particular attention on results interpretability, in: Distributed Computing and Artificial Intelligence, Volume 1: 18th International Conference 18, Springer, 2022, pp. 43–55. [17] J. Dolejš, M. Jureček, Interpretability of machine learning-based results of malware detection using a set of rules, in: Artificial Intelligence for Cybersecurity, Springer, 2022, pp. 107–136. [18] A. Orlenko, J. H. Moore, A comparison of methods for interpreting random forest models of genetic association in the presence of non-additive interactions, BioData Mining 14 (2021) 9.
URL: https://doi.org/10.1186/s13040-021-00243-0. doi:10.1186/s13040-021-00243-0. [19] H. Xu, X. Zhang, H. Li, G. Xiang, An ensemble of adaptive surrogate models based on local error expectations, Mathematical Problems in Engineering 2021 (2021) 8857417. URL: https://doi.org/10.1155/2021/8857417. doi:10.1155/2021/8857417. [20] F. Fumagalli, M. Muschalik, E. Hüllermeier, B. Hammer, Incremental permutation feature importance (ipfi): towards online explanations on data streams, Machine Learning 112 (2023) 4863–4903. URL: http://dx.doi.org/10.1007/s10994-023-06385-y. doi:10.1007/ s10994-023-06385-y. [21] M. T. Ribeiro, S. Singh, C. Guestrin, " why should i trust you?" explaining the predictions of any classifier, in: Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining, 2016, pp. 1135–1144. [22] S. M. Lundberg, S.-I. Lee, A unified approach to interpreting model predictions, in: I. Guyon, U. V. Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, R. Garnett (Eds.), Advances in Neural Information Processing Systems
Dataset and Pre-processing. The Elastic Malware Benchmark for Empowering Researchers (EMBER), released in 2018 [9], is a well-known dataset of malware samples. The EMBER dataset is the main dataset used throughout this study and provides a comprehensive collection of features extracted from Windows Portable Executable (PE) files. The dataset comprises both benign and malicious samples. It contains features from 1.1 million PE files with diverse attack types, of which 800, 000 are labelled samples (400, 000 benign and 400, 000 malicious), and 300, 000 are unlabelled samples. We harnessed only the labelled samples for our study.
While the EMBER dataset is in JSON format, for our experimental analysis we utilized the
version with derived features, as defined by Mojžiš and Kenyeres [
Feature Selections Methods. Since the majority of interpretable methods have severe
performance limitations and also fail at providing human-readable explanations when a large
feature set is available, we compared our approach against other interpretable models using the
same feature selection techniques used in the original papers. In particular, following what was
done in [
Evaluation Metrics. We evaluated both the LEN model and explanations performance using
standard metrics, i.e. accuracy, precision, recall, False Positive Rate and F1-score. For evaluating
the explanations performance, two additional metrics were employed: Fidelity [
The Fidelity metric measures the extent to which explanations faithfully represent the inner workings of predictive models. Formally, given a data collection, a predictive model (ModelPM), and a model explanation (ModelEx), the Fidelity(ModelEx) is defined as the accuracy obtained when comparing the predictions made by ModelPM and the predictions derived from the explanations ModelEx:
Fidelity =
1 ∑︁ Acc (ModelPM(), ModelEx()) =1 (1) where is the number of samples in the data collection, Acc denotes the accuracy metric, and ModelPM() and ModelEx() represent the predictions made by ModelPM and ModelEx, respectively, for the -th sample . This fidelity metric will serve as a crucial indicator of the trustworthiness of the explanations extracted.
The Complexity metric counts the number of terms in the explanation as a proxy for the human understandability of the explanation.
Algorithm 1 reports the full procedure to get the global explanations for Tailored LENs.
Algorithm 1: Compilation of the global explanations in Tailored LENs.
Input: _, _ , ℎℎ ← _ _ ← FilterExpl(_, ℎℎ) ← EvaluateAcc(_) while not reached optimal accuracy do ℎℎ ← ℎℎ − _ ← FilterExpl(_, ℎℎ) ← EvaluateAcc(_) if > then _ ← _ ← else
break ℎℎ ← _ while not reached optimal accuracy do ℎℎ ← ℎℎ + _ ← FilterExpl(_, ℎℎ) ← EvaluateAcc(_) if > then _ ← _ ← else
break // Optimal accuracy reached
Table 3 shows some local explanations provided by LENs together with some remarks provided
by a cybersecurity expert. The expert highlighted that all the explanations indicated meaningful
reasons for the sample being a malware, and that it is impressive to be able to have this level
of insight into the workings of an ML-based model that was able to process the full EMBER
dataset. At the same time, all explanations were more general and abstract compared to those
derived by concept learning on a fractional dataset [
Cybersecurity expert remarks It points to packed malware that is not .dll and has not debug symbols enabled (which is a typical malware behaviour).
Malware can typically use a section with write and execute permission for self injection.
This also points to packed malware and malware usually has no signature It points to packed (encrypted) code