Due to the escalating proliferation of malware in the Microsoft Windows environment, effective detection methods have become crucial. Moreover, many existing approaches lack transparency and do not adequately manage personal data in compliance with government regulations. This paper proposes a method to detect malware in the Windows domain by leveraging Federated Machine Learning and explainability. Specifically, we transformed a dataset of malicious and trustworthy Portable Executable and Object Linking and Embedding files belonging to the Windows environment into grayscale images. As the next step, we train multiple models on non-Independent and Identically Distributed data to better represent a real-world scenario, both with and without Differential Privacy norm, to evaluate its impact on privacy and performance. After selecting the most accurate models, we employed the Gradient-weighted Class Activation Mapping algorithm to visualize the most influential features, enhancing interpretability and trust in predictions.
Explainable malware detection by means of federated machine learning / Ciaramella, Giovanni; Martinelli, Fabio; Santone, Antonella; Mercaldo, Francesco. - (2025), pp. 975-982. ( CSR 2025 - 5th IEEE International Conference on Cyber Security and Resilience Chania, Greece 4-6/08/2025) [10.1109/csr64739.2025.11130004].
Explainable malware detection by means of federated machine learning
Ciaramella Giovanni
;
2025
Abstract
Due to the escalating proliferation of malware in the Microsoft Windows environment, effective detection methods have become crucial. Moreover, many existing approaches lack transparency and do not adequately manage personal data in compliance with government regulations. This paper proposes a method to detect malware in the Windows domain by leveraging Federated Machine Learning and explainability. Specifically, we transformed a dataset of malicious and trustworthy Portable Executable and Object Linking and Embedding files belonging to the Windows environment into grayscale images. As the next step, we train multiple models on non-Independent and Identically Distributed data to better represent a real-world scenario, both with and without Differential Privacy norm, to evaluate its impact on privacy and performance. After selecting the most accurate models, we employed the Gradient-weighted Class Activation Mapping algorithm to visualize the most influential features, enhancing interpretability and trust in predictions.| File | Dimensione | Formato | |
|---|---|---|---|
|
Explainable_Malware_Detection_by_means_of_Federated_Machine_Learning.pdf
non disponibili
Descrizione: Explainable Malware Detection by means of Federated Machine Learning
Tipologia:
Versione Editoriale (PDF)
Licenza:
Copyright dell'editore
Dimensione
6.67 MB
Formato
Adobe PDF
|
6.67 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
