We improve the applicability of AI-based malware detection systems by identifying their strengths and vulnerabilities using subgroup discovery.
Keeping end-user devices safe is a daunting and challenging task, as malware spreads across every kind of operating system. To cope with the enormous volume of samples this produces, many anti-malware solutions are built on machine learning and data-driven AI algorithms. However, such algorithms often fail to generalize well outside their training data distribution.
The problem is exacerbated as (i) malware developers constantly manipulate their malicious samples to bypass detection and (ii) it is difficult to interpret the decisions of AI models and, consequently, their failure cases and how to mitigate them. To cope with these issues, AI models are frequently retrained on past and newly collected data, demanding constant human intervention and dedicated resources.
QuantPi is funded by the European Commission to work on a project to improve the practical applicability of malware detection systems by introducing novel quality criteria that go beyond the current state of the art. While existing approaches rely on global average error statistics and suffer from high false alarm rates, our project aims to address these limitations through the application of subgroup discovery algorithms, a groundbreaking approach in the context of malware detection.
By leveraging subgroup discovery, we aim to enable a more granular evaluation of malware detection systems, allowing for the identification of local regions of the input space with higher accuracy or higher error, and potential higher-order explanations for unexpected behavior. This approach not only provides a more comprehensive understanding of the domain of applicability of different malware detection systems, but also enables cost-sensitive subgroup detection (for example, weighting a missed malware sample more heavily than a false alarm), leading to more efficient and effective mitigation strategies.
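To make the idea concrete, here is an added example (not QuantPi's code, and not any real detector's output) of exhaustive subgroup discovery over a constructed evaluation log of a hypothetical detector. Each record carries two descriptive features (`file_type`, `packed`), the true label and the predicted label; the target is the per-sample misclassification cost. Subgroups are conjunctions of up to two `attribute=value` selectors, ranked by a weighted-relative-accuracy style quality `(n_sub/N) * (mean_cost_sub - mean_cost_global)`, which rewards regions that are both large and unusually error-prone. Running it once with uniform costs and once with false negatives weighted five times higher shows how the cost-sensitive view changes which region is flagged: the unweighted ranking blames packing in general, the weighted one narrows the problem to packed APKs, where the misses are.

```python
"""Subgroup discovery over a malware detector's evaluation log (added example)."""
from itertools import combinations
from typing import Dict, List, Tuple

Record = Tuple[Dict[str, str], str, str]  # (features, true_label, predicted_label)


def make_records() -> List[Record]:
    """Constructed evaluation log of a hypothetical detector: 21 samples.
    Errors are placed deliberately: one false positive among packed PE files,
    two false negatives (missed malware) among packed APKs."""
    def rec(file_type: str, packed: str, label: str, pred: str, n: int) -> List[Record]:
        return [({"file_type": file_type, "packed": packed}, label, pred)] * n

    return (
        rec("pe", "no", "malicious", "malicious", 3)
        + rec("pe", "no", "benign", "benign", 3)
        + rec("pe", "yes", "malicious", "malicious", 4)
        + rec("pe", "yes", "benign", "malicious", 1)    # false positive
        + rec("apk", "no", "malicious", "malicious", 2)
        + rec("apk", "no", "benign", "benign", 3)
        + rec("apk", "yes", "malicious", "malicious", 3)
        + rec("apk", "yes", "malicious", "benign", 2)   # two false negatives
    )


def misclassification_cost(label: str, pred: str, fn_cost: float, fp_cost: float) -> float:
    """0 for a correct verdict; fn_cost for missed malware; fp_cost for a false alarm."""
    if label == pred:
        return 0.0
    return fn_cost if label == "malicious" else fp_cost


def selectors(records: List[Record]) -> List[Tuple[str, str]]:
    """Every attribute=value condition that occurs in the data, in a stable order."""
    return sorted({(k, v) for feats, _, _ in records for k, v in feats.items()})


def matches(feats: Dict[str, str], conds: Tuple[Tuple[str, str], ...]) -> bool:
    return all(feats.get(k) == v for k, v in conds)


def discover_subgroups(records: List[Record], fn_cost: float = 1.0, fp_cost: float = 1.0,
                       max_depth: int = 2, min_size: int = 3, top_k: int = 3) -> List[dict]:
    """Exhaustively score conjunctions of up to max_depth selectors.

    Quality = (n_sub / N) * (mean_cost_sub - mean_cost_global): a subgroup scores
    high when it is both sizeable and costlier than the global average. With
    fn_cost == fp_cost == 1 the target is plain misclassification rate."""
    costs = [misclassification_cost(l, p, fn_cost, fp_cost) for _, l, p in records]
    n_total = len(records)
    global_mean = sum(costs) / n_total
    results = []
    for depth in range(1, max_depth + 1):
        for conds in combinations(selectors(records), depth):
            # A conjunction that reuses an attribute (file_type=pe AND file_type=apk) is empty.
            if len({k for k, _ in conds}) < depth:
                continue
            members = [c for (feats, _, _), c in zip(records, costs) if matches(feats, conds)]
            if len(members) < min_size:
                continue
            sub_mean = sum(members) / len(members)
            results.append({
                "description": " AND ".join(f"{k}={v}" for k, v in conds),
                "size": len(members),
                "mean_cost": sub_mean,
                "quality": len(members) / n_total * (sub_mean - global_mean),
            })
    results.sort(key=lambda r: r["quality"], reverse=True)
    return results[:top_k]


def main() -> None:
    records = make_records()
    for title, kwargs in (("uniform cost", {}), ("missed malware costs 5x", {"fn_cost": 5.0})):
        print(f"--- top subgroups, {title} ---")
        for r in discover_subgroups(records, **kwargs):
            print(f"{r['description']:<32} n={r['size']:>2} "
                  f"mean_cost={r['mean_cost']:.2f} quality={r['quality']:.4f}")


if __name__ == "__main__":
    main()
```

The quality function is the usual size-times-lift trade-off from subgroup discovery; swapping the per-sample cost vector is all it takes to move from "where is the detector wrong" to "where is it expensively wrong", which is the cost-sensitive view the paragraph above describes. On real data the selectors would come from the detector's feature vector or from sample metadata, and the exhaustive search would be replaced by beam search once the number of attributes grows.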