Edinburgh Research Explorer

A Text-Mining Approach to Explain Unwanted Behaviours

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Original languageEnglish
Title of host publicationEuroSec '16 Proceedings of the 9th European Workshop on System Security
PublisherACM
Number of pages6
ISBN (Print)978-1-4503-4295-7
DOIs
Publication statusPublished - 18 Apr 2016
Event9th European Workshop on System Security - London, United Kingdom
Duration: 18 Apr 201621 Apr 2016
http://eurosys16.doc.ic.ac.uk/

Conference

Conference9th European Workshop on System Security
Abbreviated titleEuroSys 2016
CountryUnited Kingdom
CityLondon
Period18/04/1621/04/16
Internet address

Abstract

Current machine-learning-based malware detection seldom provides information about why an app is considered bad. We study the automatic explanation of unwanted behaviours in mobile malware, e.g., sending premium SMS messages. Our approach combines machine learning and text mining techniques to produce explanations in natural language. It selects keywords from features used in malware classifiers, and presents the sentences chosen from human-authored malware analysis reports by using these keywords. The explanation elaborates how a system decision was made. As far as we know, this is the first attempt to generate explanations in natural language by mining the reports written by human malware analysts, resulting in a scalable and entirely data-driven method.

Event

9th European Workshop on System Security

18/04/1621/04/16

London, United Kingdom

Event: Conference

Download statistics

No data available

ID: 25027489