The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset.
A note on methods for explainable malware analysis
Cardillo F. A.;Debole F.;Straccia U.;
2025
Abstract
The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset.| Campo DC | Valore | Lingua |
|---|---|---|
| dc.authority.anceserie | CEUR WORKSHOP PROCEEDINGS | en |
| dc.authority.orgunit | Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI | en |
| dc.authority.orgunit | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | en |
| dc.authority.people | Homola M. | en |
| dc.authority.people | Anthony P. | en |
| dc.authority.people | Bečková I. | en |
| dc.authority.people | Kľuka J. | en |
| dc.authority.people | Mojžiš J. | en |
| dc.authority.people | Švec P. | en |
| dc.authority.people | Balogh S. | en |
| dc.authority.people | Cardillo F. A. | en |
| dc.authority.people | Debole F. | en |
| dc.authority.people | Straccia U. | en |
| dc.authority.people | Kenyeres M. | en |
| dc.authority.people | Giannini F. | en |
| dc.authority.people | Diligenti M. | en |
| dc.authority.people | Gori M. | en |
| dc.authority.people | Bisták T. | en |
| dc.authority.people | Trizna D. | en |
| dc.authority.people | Adams Z. | en |
| dc.authority.project | corda__h2020::6f474d55706a6e476baf8708cedff110 | en |
| dc.collection.id.s | 71c7200a-7c5f-4e83-8d57-d3d2ba88f40d | * |
| dc.collection.name | 04.01 Contributo in Atti di convegno | * |
| dc.contributor.appartenenza | Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI | * |
| dc.contributor.appartenenza | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | * |
| dc.contributor.appartenenza.mi | 918 | * |
| dc.contributor.appartenenza.mi | 973 | * |
| dc.contributor.area | Non assegn | * |
| dc.contributor.area | Non assegn | * |
| dc.contributor.area | Non assegn | * |
| dc.date.accessioned | 2026/03/04 12:55:35 | - |
| dc.date.available | 2026/03/04 12:55:35 | - |
| dc.date.firstsubmission | 2026/03/04 09:41:12 | * |
| dc.date.issued | 2025 | - |
| dc.date.submission | 2026/03/04 11:27:58 | * |
| dc.description.abstracteng | The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset. | - |
| dc.description.allpeople | Homola, M.; Anthony, P.; Bečková, I.; Kľuka, J.; Mojžiš, J.; Švec, P.; Balogh, S.; Cardillo, F. A.; Debole, F.; Straccia, U.; Kenyeres, M.; Giannini, F.; Diligenti, M.; Gori, M.; Bisták, T.; Trizna, D.; Adams, Z. | - |
| dc.description.allpeopleoriginal | Homola M.; Anthony P.; Bečková I.; Kľuka J.; Mojžiš J.; Švec P.; Balogh S.; Cardillo F.A.; Debole F.; Straccia U.; Kenyeres M.; Giannini F.; Diligenti M.; Gori M.; Bisták T.; Trizna D.; Adams Z. | en |
| dc.description.fulltext | open | en |
| dc.description.international | si | en |
| dc.description.note | colocated with The International Conference on Formal Ontology in Information Systems (FOIS 2025) | en |
| dc.description.numberofauthors | 17 | - |
| dc.identifier.scopus | 2-s2.0-105039579526 | - |
| dc.identifier.source | manual | * |
| dc.identifier.uri | https://hdl.handle.net/20.500.14243/570881 | - |
| dc.identifier.url | https://ceur-ws.org/Vol-4176/shields-3.pdf | en |
| dc.language.iso | eng | en |
| dc.publisher.name | CEUR-WP | en |
| dc.relation.conferencedate | 08-12/09/2025 | en |
| dc.relation.conferencename | JOWO 2025 - Joint Ontology Workshops | en |
| dc.relation.conferenceplace | Catania, Italy | en |
| dc.relation.ispartofbook | Episode XI: The Sicilian Summer under the Etna | en |
| dc.relation.medium | ELETTRONICO | en |
| dc.relation.numberofpages | 14 | en |
| dc.relation.projectAcronym | XAI | en |
| dc.relation.projectAwardNumber | 834756 | en |
| dc.relation.projectAwardTitle | Science and technology for the explanation of AI decision making | en |
| dc.relation.projectFunderName | European Commission | en |
| dc.relation.projectFundingStream | Horizon 2020 Framework Programme | en |
| dc.relation.volume | 4176 | en |
| dc.subject.keywordseng | Malware analysis, explainable AI, ontology, EMBER dataset | - |
| dc.subject.singlekeyword | Malware analysis | * |
| dc.subject.singlekeyword | explainable AI | * |
| dc.subject.singlekeyword | ontology | * |
| dc.subject.singlekeyword | EMBER dataset | * |
| dc.title | A note on methods for explainable malware analysis | en |
| dc.type.circulation | Internazionale | en |
| dc.type.driver | info:eu-repo/semantics/conferenceObject | - |
| dc.type.full | 04 Contributo in convegno::04.01 Contributo in Atti di convegno | it |
| dc.type.miur | 273 | - |
| iris.mediafilter.data | 2026/03/05 03:25:25 | * |
| iris.orcid.lastModifiedDate | 2026/07/10 11:37:20 | * |
| iris.orcid.lastModifiedMillisecond | 1783676240127 | * |
| iris.scopus.extIssued | 2025 | - |
| iris.scopus.extTitle | A Note on Methods for Explainable Malware Analysis | - |
| iris.scopus.ideLinkStatusDate | 2026/07/10 11:37:20 | * |
| iris.scopus.ideLinkStatusMillisecond | 1783676240151 | * |
| iris.sitodocente.maxattempts | 1 | - |
| scopus.authority.anceserie | CEUR WORKSHOP PROCEEDINGS###1613-0073 | * |
| scopus.category | 1700 | * |
| scopus.contributor.affiliation | Comenius University in Bratislava | - |
| scopus.contributor.affiliation | Comenius University in Bratislava | - |
| scopus.contributor.affiliation | Comenius University in Bratislava | - |
| scopus.contributor.affiliation | Comenius University in Bratislava | - |
| scopus.contributor.affiliation | Slovak Academy of Sciences | - |
| scopus.contributor.affiliation | Slovak Technical University | - |
| scopus.contributor.affiliation | Slovak Technical University | - |
| scopus.contributor.affiliation | CNR | - |
| scopus.contributor.affiliation | CNR | - |
| scopus.contributor.affiliation | CNR | - |
| scopus.contributor.affiliation | Slovak Academy of Sciences | - |
| scopus.contributor.affiliation | Scuola Normale Superiore | - |
| scopus.contributor.affiliation | University of Siena | - |
| scopus.contributor.affiliation | University of Siena | - |
| scopus.contributor.affiliation | Comenius University in Bratislava | - |
| scopus.contributor.affiliation | Regional Development and Informatization | - |
| scopus.contributor.affiliation | Comenius University in Bratislava | - |
| scopus.contributor.afid | 60001987 | - |
| scopus.contributor.afid | 60001987 | - |
| scopus.contributor.afid | 60001987 | - |
| scopus.contributor.afid | 60001987 | - |
| scopus.contributor.afid | 60009799 | - |
| scopus.contributor.afid | 60006861 | - |
| scopus.contributor.afid | 60006861 | - |
| scopus.contributor.afid | 60008941 | - |
| scopus.contributor.afid | 60085207 | - |
| scopus.contributor.afid | 60085207 | - |
| scopus.contributor.afid | 60009799 | - |
| scopus.contributor.afid | 60030674 | - |
| scopus.contributor.afid | 60002838 | - |
| scopus.contributor.afid | 60002838 | - |
| scopus.contributor.afid | 60001987 | - |
| scopus.contributor.afid | 134254945 | - |
| scopus.contributor.afid | 60001987 | - |
| scopus.contributor.auid | 8935340300 | - |
| scopus.contributor.auid | 59147907900 | - |
| scopus.contributor.auid | 57220039418 | - |
| scopus.contributor.auid | 55838403000 | - |
| scopus.contributor.auid | 7003337322 | - |
| scopus.contributor.auid | 57222520631 | - |
| scopus.contributor.auid | 54419444300 | - |
| scopus.contributor.auid | 57191090133 | - |
| scopus.contributor.auid | 22333451000 | - |
| scopus.contributor.auid | 12760566600 | - |
| scopus.contributor.auid | 54389331800 | - |
| scopus.contributor.auid | 57200215660 | - |
| scopus.contributor.auid | 55972544500 | - |
| scopus.contributor.auid | 7005254436 | - |
| scopus.contributor.auid | 58690965300 | - |
| scopus.contributor.auid | 59911604900 | - |
| scopus.contributor.auid | 59911476200 | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.country | Slovakia | - |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | 112175247 | - |
| scopus.contributor.dptid | 107879673 | - |
| scopus.contributor.dptid | 107879673 | - |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | 134255709 | - |
| scopus.contributor.dptid | - | |
| scopus.contributor.name | Martin | - |
| scopus.contributor.name | Peter | - |
| scopus.contributor.name | Iveta | - |
| scopus.contributor.name | Ján | - |
| scopus.contributor.name | Ján | - |
| scopus.contributor.name | Peter | - |
| scopus.contributor.name | Štefan | - |
| scopus.contributor.name | Franco Alberto | - |
| scopus.contributor.name | Franca | - |
| scopus.contributor.name | Umberto | - |
| scopus.contributor.name | Martin | - |
| scopus.contributor.name | Francesco | - |
| scopus.contributor.name | Michelangelo | - |
| scopus.contributor.name | Marco | - |
| scopus.contributor.name | Tomáš | - |
| scopus.contributor.name | Daniel | - |
| scopus.contributor.name | Zekeri | - |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | Institute of Informatics; | - |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | Istituto di Linguistica Computazionale; | - |
| scopus.contributor.subaffiliation | Istituto di Scienza e Tecnologie dell’Informazione; | - |
| scopus.contributor.subaffiliation | Istituto di Scienza e Tecnologie dell’Informazione; | - |
| scopus.contributor.subaffiliation | Institute of Informatics; | - |
| scopus.contributor.subaffiliation | Faculty of Sciences; | - |
| scopus.contributor.subaffiliation | Department of Information Engineering and Mathematics; | - |
| scopus.contributor.subaffiliation | Department of Information Engineering and Mathematics; | - |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | CSIRT.SK;Ministry of Investment; | - |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.surname | Homola | - |
| scopus.contributor.surname | Anthony | - |
| scopus.contributor.surname | Bečková | - |
| scopus.contributor.surname | Kľuka | - |
| scopus.contributor.surname | Mojžiš | - |
| scopus.contributor.surname | Švec | - |
| scopus.contributor.surname | Balogh | - |
| scopus.contributor.surname | Cardillo | - |
| scopus.contributor.surname | Debole | - |
| scopus.contributor.surname | Straccia | - |
| scopus.contributor.surname | Kenyeres | - |
| scopus.contributor.surname | Giannini | - |
| scopus.contributor.surname | Diligenti | - |
| scopus.contributor.surname | Gori | - |
| scopus.contributor.surname | Bisták | - |
| scopus.contributor.surname | Trizna | - |
| scopus.contributor.surname | Adams | - |
| scopus.date.issued | 2025 | * |
| scopus.description.abstracteng | The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset. | * |
| scopus.description.allpeopleoriginal | Homola M.; Anthony P.; Beckova I.; Kluka J.; Mojzis J.; Svec P.; Balogh S.; Cardillo F.A.; Debole F.; Straccia U.; Kenyeres M.; Giannini F.; Diligenti M.; Gori M.; Bistak T.; Trizna D.; Adams Z. | * |
| scopus.differences | scopus.relation.conferencename | * |
| scopus.differences | scopus.publisher.name | * |
| scopus.differences | scopus.subject.keywords | * |
| scopus.differences | scopus.relation.conferencedate | * |
| scopus.differences | scopus.description.allpeopleoriginal | * |
| scopus.differences | scopus.relation.conferenceplace | * |
| scopus.document.type | cp | * |
| scopus.document.types | cp | * |
| scopus.identifier.pui | 651232164 | * |
| scopus.identifier.scopus | 2-s2.0-105039579526 | * |
| scopus.journal.sourceid | 21100218356 | * |
| scopus.language.iso | eng | * |
| scopus.publisher.name | CEUR-WS | * |
| scopus.relation.conferencedate | 2025 | * |
| scopus.relation.conferencename | 2025 Joint Ontology Workshops, JOWO - Episode 11: The Sicilian Summer under the Etna | * |
| scopus.relation.conferenceplace | ita | * |
| scopus.relation.volume | 4176 | * |
| scopus.subject.keywords | EMBER dataset; explainable AI; Malware analysis; ontology; | * |
| scopus.title | A Note on Methods for Explainable Malware Analysis | * |
| scopus.titleeng | A Note on Methods for Explainable Malware Analysis | * |
| Appare nelle tipologie: | 04.01 Contributo in Atti di convegno | |
File in questo prodotto:
| File | Dimensione | Formato | |
|---|---|---|---|
|
shields-3.pdf
accesso aperto
Descrizione: A Note on Methods for Explainable Malware Analysis
Tipologia:
Versione Editoriale (PDF)
Licenza:
Creative commons
Dimensione
761.54 kB
Formato
Adobe PDF
|
761.54 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.


