CNR Institutional Research Information System

The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset.

A note on methods for explainable malware analysis

Cardillo F. A.;Debole F.;Straccia U.;
2025

Abstract

The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset.
Campo DC Valore Lingua
dc.authority.anceserie CEUR WORKSHOP PROCEEDINGS en
dc.authority.orgunit Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI en
dc.authority.orgunit Istituto di linguistica computazionale "Antonio Zampolli" - ILC en
dc.authority.people Homola M. en
dc.authority.people Anthony P. en
dc.authority.people Bečková I. en
dc.authority.people Kľuka J. en
dc.authority.people Mojžiš J. en
dc.authority.people Švec P. en
dc.authority.people Balogh S. en
dc.authority.people Cardillo F. A. en
dc.authority.people Debole F. en
dc.authority.people Straccia U. en
dc.authority.people Kenyeres M. en
dc.authority.people Giannini F. en
dc.authority.people Diligenti M. en
dc.authority.people Gori M. en
dc.authority.people Bisták T. en
dc.authority.people Trizna D. en
dc.authority.people Adams Z. en
dc.authority.project corda__h2020::6f474d55706a6e476baf8708cedff110 en
dc.collection.id.s 71c7200a-7c5f-4e83-8d57-d3d2ba88f40d *
dc.collection.name 04.01 Contributo in Atti di convegno *
dc.contributor.appartenenza Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI *
dc.contributor.appartenenza Istituto di linguistica computazionale "Antonio Zampolli" - ILC *
dc.contributor.appartenenza.mi 918 *
dc.contributor.appartenenza.mi 973 *
dc.contributor.area Non assegn *
dc.contributor.area Non assegn *
dc.contributor.area Non assegn *
dc.date.accessioned 2026/03/04 12:55:35 -
dc.date.available 2026/03/04 12:55:35 -
dc.date.firstsubmission 2026/03/04 09:41:12 *
dc.date.issued 2025 -
dc.date.submission 2026/03/04 11:27:58 *
dc.description.abstracteng The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset. -
dc.description.allpeople Homola, M.; Anthony, P.; Bečková, I.; Kľuka, J.; Mojžiš, J.; Švec, P.; Balogh, S.; Cardillo, F. A.; Debole, F.; Straccia, U.; Kenyeres, M.; Giannini, F.; Diligenti, M.; Gori, M.; Bisták, T.; Trizna, D.; Adams, Z. -
dc.description.allpeopleoriginal Homola M.; Anthony P.; Bečková I.; Kľuka J.; Mojžiš J.; Švec P.; Balogh S.; Cardillo F.A.; Debole F.; Straccia U.; Kenyeres M.; Giannini F.; Diligenti M.; Gori M.; Bisták T.; Trizna D.; Adams Z. en
dc.description.fulltext open en
dc.description.international si en
dc.description.note colocated with The International Conference on Formal Ontology in Information Systems (FOIS 2025) en
dc.description.numberofauthors 17 -
dc.identifier.source manual *
dc.identifier.uri https://hdl.handle.net/20.500.14243/570881 -
dc.identifier.url https://ceur-ws.org/Vol-4176/shields-3.pdf en
dc.language.iso eng en
dc.publisher.name CEUR-WP en
dc.relation.conferencedate 08-12/09/2025 en
dc.relation.conferencename JOWO 2025 - Joint Ontology Workshops en
dc.relation.conferenceplace Catania, Italy en
dc.relation.ispartofbook Episode XI: The Sicilian Summer under the Etna en
dc.relation.medium ELETTRONICO en
dc.relation.numberofpages 14 en
dc.relation.projectAcronym XAI en
dc.relation.projectAwardNumber 834756 en
dc.relation.projectAwardTitle Science and technology for the explanation of AI decision making en
dc.relation.projectFunderName European Commission en
dc.relation.projectFundingStream Horizon 2020 Framework Programme en
dc.relation.volume 4176 en
dc.subject.keywordseng Malware analysis, explainable AI, ontology, EMBER dataset -
dc.subject.singlekeyword Malware analysis *
dc.subject.singlekeyword explainable AI *
dc.subject.singlekeyword ontology *
dc.subject.singlekeyword EMBER dataset *
dc.title A note on methods for explainable malware analysis en
dc.type.circulation Internazionale en
dc.type.driver info:eu-repo/semantics/conferenceObject -
dc.type.full 04 Contributo in convegno::04.01 Contributo in Atti di convegno it
dc.type.miur 273 -
iris.mediafilter.data 2026/03/05 03:25:25 *
iris.orcid.lastModifiedDate 2026/03/04 12:55:35 *
iris.orcid.lastModifiedMillisecond 1772625335334 *
iris.sitodocente.maxattempts 1 -
Appare nelle tipologie: 04.01 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
shields-3.pdf

accesso aperto

Descrizione: A Note on Methods for Explainable Malware Analysis
Tipologia: Versione Editoriale (PDF)
Licenza: Creative commons
Dimensione 761.54 kB
Formato Adobe PDF
Visualizza/Apri
761.54 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/570881
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact