Assessing Deep Learning Predictions in Image-Based Malware Detection with Activation Maps

Abstract

Machine learning and deep learning models have been widely adopted to detect malware and protect our cyber infrastructures. The training is the most effective and important element of the artificial intelligence models. Nevertheless, it can be challenging and may require expertise and high-quality data. Inadequate training can be counterproductive, and lead to a model which may not detect the threats or, even worst, being exploited by the attackers. In this regard, the contribution of this short paper is twofold: we propose a method to (i) detect the malware belonging family and (i) provide reasoning about model evaluation and assess model soundness. The rationale behind this work aims to improve the evaluation of image-based deep learning models for malware family detection, especially in supervised learning tasks without recognizable or known patterns in the dataset samples. Our model obtains an overall accuracy of 0.934 in the evaluation of a dataset composed of 15726 real-world malware.