A Text-Mining Approach to Explain Unwanted Behaviours

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Current machine-learning-based malware detection seldom provides information about why an app is considered bad. We study the automatic explanation of unwanted behaviours in mobile malware, e.g., sending premium SMS messages. Our approach combines machine learning and text mining techniques to produce explanations in natural language. It selects keywords from features used in malware classifiers, and presents the sentences chosen from human-authored malware analysis reports by using these keywords. The explanation elaborates how a system decision was made. As far as we know, this is the first attempt to generate explanations in natural language by mining the reports written by human malware analysts, resulting in a scalable and entirely data-driven method.
Original languageEnglish
Title of host publicationEuroSec '16 Proceedings of the 9th European Workshop on System Security
Number of pages6
ISBN (Print)978-1-4503-4295-7
Publication statusPublished - 18 Apr 2016
Event9th European Workshop on System Security - London, United Kingdom
Duration: 18 Apr 201621 Apr 2016


Conference9th European Workshop on System Security
Abbreviated titleEuroSys 2016
Country/TerritoryUnited Kingdom
Internet address


Dive into the research topics of 'A Text-Mining Approach to Explain Unwanted Behaviours'. Together they form a unique fingerprint.

Cite this