Artificial Intelligence (AI) has significantly improved malware classification by enhancing detection accuracy and efficiency. However, the opaque nature of many AI models presents a major challenge in cybersecurity, as security analysts often struggle to trust or fully understand the decisions made by these systems. This lack of transparency impedes adoption in real-world applications where explainability is crucial for risk assessment, incident response, and compliance. This research explores the application of Explainable AI (XAI) techniques to bridge the gap between accuracy and interpretability in AI-driven malware classification. We investigate the integration of SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations) with various machine learning models (Random Forest, Logistic Regression, Gradient Boosting, and Gaussian Naïve Bayes) trained on a practical malware dataset. Through empirical evaluation, we assess the trade-offs between explainability and performance, measuring accuracy, F1-score, and the utility of explanations. Our findings indicate that Random Forest offers the best balance of high performance and consistent interpretability, while Gradient Boosting achieves the highest raw detection rates. The study highlights the feasibility of integrating XAI into cybersecurity tools, enabling more transparent, accountable, and actionable malware classification models, thereby addressing the “black-box” problem and fostering greater trust and utility in AI-driven security operations.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Explainable AI for Malware Classification: Bridging the Gap Between Accuracy and Transparency

  • Frenki Muça,
  • Wassim Ahmad

摘要

Artificial Intelligence (AI) has significantly improved malware classification by enhancing detection accuracy and efficiency. However, the opaque nature of many AI models presents a major challenge in cybersecurity, as security analysts often struggle to trust or fully understand the decisions made by these systems. This lack of transparency impedes adoption in real-world applications where explainability is crucial for risk assessment, incident response, and compliance. This research explores the application of Explainable AI (XAI) techniques to bridge the gap between accuracy and interpretability in AI-driven malware classification. We investigate the integration of SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations) with various machine learning models (Random Forest, Logistic Regression, Gradient Boosting, and Gaussian Naïve Bayes) trained on a practical malware dataset. Through empirical evaluation, we assess the trade-offs between explainability and performance, measuring accuracy, F1-score, and the utility of explanations. Our findings indicate that Random Forest offers the best balance of high performance and consistent interpretability, while Gradient Boosting achieves the highest raw detection rates. The study highlights the feasibility of integrating XAI into cybersecurity tools, enabling more transparent, accountable, and actionable malware classification models, thereby addressing the “black-box” problem and fostering greater trust and utility in AI-driven security operations.