The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset.

A note on methods for explainable malware analysis

Cardillo F. A.;Debole F.;Straccia U.;
2025

Abstract

The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset.
Campo DC Valore Lingua
dc.authority.anceserie CEUR WORKSHOP PROCEEDINGS en
dc.authority.orgunit Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI en
dc.authority.orgunit Istituto di linguistica computazionale "Antonio Zampolli" - ILC en
dc.authority.people Homola M. en
dc.authority.people Anthony P. en
dc.authority.people Bečková I. en
dc.authority.people Kľuka J. en
dc.authority.people Mojžiš J. en
dc.authority.people Švec P. en
dc.authority.people Balogh S. en
dc.authority.people Cardillo F. A. en
dc.authority.people Debole F. en
dc.authority.people Straccia U. en
dc.authority.people Kenyeres M. en
dc.authority.people Giannini F. en
dc.authority.people Diligenti M. en
dc.authority.people Gori M. en
dc.authority.people Bisták T. en
dc.authority.people Trizna D. en
dc.authority.people Adams Z. en
dc.authority.project corda__h2020::6f474d55706a6e476baf8708cedff110 en
dc.collection.id.s 71c7200a-7c5f-4e83-8d57-d3d2ba88f40d *
dc.collection.name 04.01 Contributo in Atti di convegno *
dc.contributor.appartenenza Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI *
dc.contributor.appartenenza Istituto di linguistica computazionale "Antonio Zampolli" - ILC *
dc.contributor.appartenenza.mi 918 *
dc.contributor.appartenenza.mi 973 *
dc.contributor.area Non assegn *
dc.contributor.area Non assegn *
dc.contributor.area Non assegn *
dc.date.accessioned 2026/03/04 12:55:35 -
dc.date.available 2026/03/04 12:55:35 -
dc.date.firstsubmission 2026/03/04 09:41:12 *
dc.date.issued 2025 -
dc.date.submission 2026/03/04 11:27:58 *
dc.description.abstracteng The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset. -
dc.description.allpeople Homola, M.; Anthony, P.; Bečková, I.; Kľuka, J.; Mojžiš, J.; Švec, P.; Balogh, S.; Cardillo, F. A.; Debole, F.; Straccia, U.; Kenyeres, M.; Giannini, F.; Diligenti, M.; Gori, M.; Bisták, T.; Trizna, D.; Adams, Z. -
dc.description.allpeopleoriginal Homola M.; Anthony P.; Bečková I.; Kľuka J.; Mojžiš J.; Švec P.; Balogh S.; Cardillo F.A.; Debole F.; Straccia U.; Kenyeres M.; Giannini F.; Diligenti M.; Gori M.; Bisták T.; Trizna D.; Adams Z. en
dc.description.fulltext open en
dc.description.international si en
dc.description.note colocated with The International Conference on Formal Ontology in Information Systems (FOIS 2025) en
dc.description.numberofauthors 17 -
dc.identifier.scopus 2-s2.0-105039579526 -
dc.identifier.source manual *
dc.identifier.uri https://hdl.handle.net/20.500.14243/570881 -
dc.identifier.url https://ceur-ws.org/Vol-4176/shields-3.pdf en
dc.language.iso eng en
dc.publisher.name CEUR-WP en
dc.relation.conferencedate 08-12/09/2025 en
dc.relation.conferencename JOWO 2025 - Joint Ontology Workshops en
dc.relation.conferenceplace Catania, Italy en
dc.relation.ispartofbook Episode XI: The Sicilian Summer under the Etna en
dc.relation.medium ELETTRONICO en
dc.relation.numberofpages 14 en
dc.relation.projectAcronym XAI en
dc.relation.projectAwardNumber 834756 en
dc.relation.projectAwardTitle Science and technology for the explanation of AI decision making en
dc.relation.projectFunderName European Commission en
dc.relation.projectFundingStream Horizon 2020 Framework Programme en
dc.relation.volume 4176 en
dc.subject.keywordseng Malware analysis, explainable AI, ontology, EMBER dataset -
dc.subject.singlekeyword Malware analysis *
dc.subject.singlekeyword explainable AI *
dc.subject.singlekeyword ontology *
dc.subject.singlekeyword EMBER dataset *
dc.title A note on methods for explainable malware analysis en
dc.type.circulation Internazionale en
dc.type.driver info:eu-repo/semantics/conferenceObject -
dc.type.full 04 Contributo in convegno::04.01 Contributo in Atti di convegno it
dc.type.miur 273 -
iris.mediafilter.data 2026/03/05 03:25:25 *
iris.orcid.lastModifiedDate 2026/07/10 11:37:20 *
iris.orcid.lastModifiedMillisecond 1783676240127 *
iris.scopus.extIssued 2025 -
iris.scopus.extTitle A Note on Methods for Explainable Malware Analysis -
iris.scopus.ideLinkStatusDate 2026/07/10 11:37:20 *
iris.scopus.ideLinkStatusMillisecond 1783676240151 *
iris.sitodocente.maxattempts 1 -
scopus.authority.anceserie CEUR WORKSHOP PROCEEDINGS###1613-0073 *
scopus.category 1700 *
scopus.contributor.affiliation Comenius University in Bratislava -
scopus.contributor.affiliation Comenius University in Bratislava -
scopus.contributor.affiliation Comenius University in Bratislava -
scopus.contributor.affiliation Comenius University in Bratislava -
scopus.contributor.affiliation Slovak Academy of Sciences -
scopus.contributor.affiliation Slovak Technical University -
scopus.contributor.affiliation Slovak Technical University -
scopus.contributor.affiliation CNR -
scopus.contributor.affiliation CNR -
scopus.contributor.affiliation CNR -
scopus.contributor.affiliation Slovak Academy of Sciences -
scopus.contributor.affiliation Scuola Normale Superiore -
scopus.contributor.affiliation University of Siena -
scopus.contributor.affiliation University of Siena -
scopus.contributor.affiliation Comenius University in Bratislava -
scopus.contributor.affiliation Regional Development and Informatization -
scopus.contributor.affiliation Comenius University in Bratislava -
scopus.contributor.afid 60001987 -
scopus.contributor.afid 60001987 -
scopus.contributor.afid 60001987 -
scopus.contributor.afid 60001987 -
scopus.contributor.afid 60009799 -
scopus.contributor.afid 60006861 -
scopus.contributor.afid 60006861 -
scopus.contributor.afid 60008941 -
scopus.contributor.afid 60085207 -
scopus.contributor.afid 60085207 -
scopus.contributor.afid 60009799 -
scopus.contributor.afid 60030674 -
scopus.contributor.afid 60002838 -
scopus.contributor.afid 60002838 -
scopus.contributor.afid 60001987 -
scopus.contributor.afid 134254945 -
scopus.contributor.afid 60001987 -
scopus.contributor.auid 8935340300 -
scopus.contributor.auid 59147907900 -
scopus.contributor.auid 57220039418 -
scopus.contributor.auid 55838403000 -
scopus.contributor.auid 7003337322 -
scopus.contributor.auid 57222520631 -
scopus.contributor.auid 54419444300 -
scopus.contributor.auid 57191090133 -
scopus.contributor.auid 22333451000 -
scopus.contributor.auid 12760566600 -
scopus.contributor.auid 54389331800 -
scopus.contributor.auid 57200215660 -
scopus.contributor.auid 55972544500 -
scopus.contributor.auid 7005254436 -
scopus.contributor.auid 58690965300 -
scopus.contributor.auid 59911604900 -
scopus.contributor.auid 59911476200 -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.country Italy -
scopus.contributor.country Italy -
scopus.contributor.country Italy -
scopus.contributor.country Slovakia -
scopus.contributor.country Italy -
scopus.contributor.country Italy -
scopus.contributor.country Italy -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.country Slovakia -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid -
scopus.contributor.dptid 112175247 -
scopus.contributor.dptid 107879673 -
scopus.contributor.dptid 107879673 -
scopus.contributor.dptid -
scopus.contributor.dptid 134255709 -
scopus.contributor.dptid -
scopus.contributor.name Martin -
scopus.contributor.name Peter -
scopus.contributor.name Iveta -
scopus.contributor.name Ján -
scopus.contributor.name Ján -
scopus.contributor.name Peter -
scopus.contributor.name Štefan -
scopus.contributor.name Franco Alberto -
scopus.contributor.name Franca -
scopus.contributor.name Umberto -
scopus.contributor.name Martin -
scopus.contributor.name Francesco -
scopus.contributor.name Michelangelo -
scopus.contributor.name Marco -
scopus.contributor.name Tomáš -
scopus.contributor.name Daniel -
scopus.contributor.name Zekeri -
scopus.contributor.subaffiliation -
scopus.contributor.subaffiliation -
scopus.contributor.subaffiliation -
scopus.contributor.subaffiliation -
scopus.contributor.subaffiliation Institute of Informatics; -
scopus.contributor.subaffiliation -
scopus.contributor.subaffiliation -
scopus.contributor.subaffiliation Istituto di Linguistica Computazionale; -
scopus.contributor.subaffiliation Istituto di Scienza e Tecnologie dell’Informazione; -
scopus.contributor.subaffiliation Istituto di Scienza e Tecnologie dell’Informazione; -
scopus.contributor.subaffiliation Institute of Informatics; -
scopus.contributor.subaffiliation Faculty of Sciences; -
scopus.contributor.subaffiliation Department of Information Engineering and Mathematics; -
scopus.contributor.subaffiliation Department of Information Engineering and Mathematics; -
scopus.contributor.subaffiliation -
scopus.contributor.subaffiliation CSIRT.SK;Ministry of Investment; -
scopus.contributor.subaffiliation -
scopus.contributor.surname Homola -
scopus.contributor.surname Anthony -
scopus.contributor.surname Bečková -
scopus.contributor.surname Kľuka -
scopus.contributor.surname Mojžiš -
scopus.contributor.surname Švec -
scopus.contributor.surname Balogh -
scopus.contributor.surname Cardillo -
scopus.contributor.surname Debole -
scopus.contributor.surname Straccia -
scopus.contributor.surname Kenyeres -
scopus.contributor.surname Giannini -
scopus.contributor.surname Diligenti -
scopus.contributor.surname Gori -
scopus.contributor.surname Bisták -
scopus.contributor.surname Trizna -
scopus.contributor.surname Adams -
scopus.date.issued 2025 *
scopus.description.abstracteng The inevitable rise of machine learning in malware analysis puts forward the need for human-understandable explanations of the learned results. We point out how the ontological representation of malware data provides a suitable language for the construction of such explanations. We then focus on possible methods that enable producing such explanations and we reflect on our experience with them in the context of the EMBER dataset. *
scopus.description.allpeopleoriginal Homola M.; Anthony P.; Beckova I.; Kluka J.; Mojzis J.; Svec P.; Balogh S.; Cardillo F.A.; Debole F.; Straccia U.; Kenyeres M.; Giannini F.; Diligenti M.; Gori M.; Bistak T.; Trizna D.; Adams Z. *
scopus.differences scopus.relation.conferencename *
scopus.differences scopus.publisher.name *
scopus.differences scopus.subject.keywords *
scopus.differences scopus.relation.conferencedate *
scopus.differences scopus.description.allpeopleoriginal *
scopus.differences scopus.relation.conferenceplace *
scopus.document.type cp *
scopus.document.types cp *
scopus.identifier.pui 651232164 *
scopus.identifier.scopus 2-s2.0-105039579526 *
scopus.journal.sourceid 21100218356 *
scopus.language.iso eng *
scopus.publisher.name CEUR-WS *
scopus.relation.conferencedate 2025 *
scopus.relation.conferencename 2025 Joint Ontology Workshops, JOWO - Episode 11: The Sicilian Summer under the Etna *
scopus.relation.conferenceplace ita *
scopus.relation.volume 4176 *
scopus.subject.keywords EMBER dataset; explainable AI; Malware analysis; ontology; *
scopus.title A Note on Methods for Explainable Malware Analysis *
scopus.titleeng A Note on Methods for Explainable Malware Analysis *
Appare nelle tipologie: 04.01 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
shields-3.pdf

accesso aperto

Descrizione: A Note on Methods for Explainable Malware Analysis
Tipologia: Versione Editoriale (PDF)
Licenza: Creative commons
Dimensione 761.54 kB
Formato Adobe PDF
761.54 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/570881
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact