The article describes a customizable and self-aware system for the static detection of malware that uses multiple datasets and an ensemble approach based on classification. To address the issue of concept drift and drift of features in evolving malware, we develop the Self-Aware Model Classifier (SAMC). This confidence-based routing strategy enables continual selection between a legacy VotingClassifier (trained on EMBER 2018) and an optimized XGBoost model (trained on EMBER 2024). In the case where both models have low confidence in their decisions, SAMC employs a fallback process by combining classifier predictions using weighted probability averaging. Explainable AI utilizing SHAP is also implemented to improve model interpretability by developed a GUI for easy scanning and local analysis for the user. The extensive experiments show that SAMC is superior to using the individual models and naive ensembles of the same models. This research provides several examples of building trust-aware, adaptable, and explainable malware detection systems capable of evolving with real-world threats.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Self-aware Malware Classification via Confidence-Guided Model Routing and Explainable Feature Attribution

  • Iliyan Barzev,
  • Daniela Borissova

摘要

The article describes a customizable and self-aware system for the static detection of malware that uses multiple datasets and an ensemble approach based on classification. To address the issue of concept drift and drift of features in evolving malware, we develop the Self-Aware Model Classifier (SAMC). This confidence-based routing strategy enables continual selection between a legacy VotingClassifier (trained on EMBER 2018) and an optimized XGBoost model (trained on EMBER 2024). In the case where both models have low confidence in their decisions, SAMC employs a fallback process by combining classifier predictions using weighted probability averaging. Explainable AI utilizing SHAP is also implemented to improve model interpretability by developed a GUI for easy scanning and local analysis for the user. The extensive experiments show that SAMC is superior to using the individual models and naive ensembles of the same models. This research provides several examples of building trust-aware, adaptable, and explainable malware detection systems capable of evolving with real-world threats.