Explaining Black-Box Malware Detectors: A Machine Learning Approach for Behaviour Analysis
Brozik, A., Gashi, I.
ORCID: 0000-0002-8017-3184 & Salako, K.
ORCID: 0000-0003-0394-7833 (2025).
Explaining Black-Box Malware Detectors: A Machine Learning Approach for Behaviour Analysis.
In:
2025 20th European Dependable Computing Conference (EDCC).
European Dependable Computing Conference, 8-11 Apr 2025, Lisbon, Portgual.
doi: 10.1109/EDCC66201.2025.00029
Abstract
The escalating complexity and diversity of malware threats present a significant challenge to the cybersecurity domain. Dynamic malware detection methods developed to combat these threats are often complex, black-box systems. This paper proposes a machine learning method for approximating and analyzing black-box malware detectors without privileged access, using only the malware executables and their detection outputs.
Our solution leverages a pre-trained model optimized to interpret Windows API call sequences. Employing a studentteacher learning strategy, the model learns the behaviour of Windows malware detectors, requiring only samples of malicious and benign executables, along with the detector’s output for each sample. We validate the effectiveness of our solution by approximating an artificial black-box detector with known behaviour patterns. Furthermore, we propose an evaluation method to compare the behaviour patterns of the black-box and student models.
Our experiments demonstrate these capabilities, achieving a 95% accuracy rate approximating our artificial black-box detector with a small number of training samples.
| Publication Type: | Conference or Workshop Item (Paper) |
|---|---|
| Additional Information: | © 2025 IEEE. This accepted manuscript is made available under the terms of the Creative Commons Attribution License (CC-BY), which permits unrestricted use, distribution and reproduction in any medium, provided the original work is properly cited. |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Departments: | School of Science & Technology School of Science & Technology > Department of Computer Science |
| SWORD Depositor: |
Available under License Creative Commons Attribution.
Download (502kB) | Preview
Export
Downloads
Downloads per month over past year
Metadata
Metadata