Summary:
Due to the escalating proliferation of malware in the Microsoft Windows environment, effective detection methods have become crucial. Moreover, many existing approaches lack transparency and do not adequately manage personal data in compliance with government regulations. This paper proposes a method to detect malware in the Windows domain by leveraging Federated Machine Learning and explainability. Specifically, we transformed a dataset of malicious and trustworthy Portable Executable and Object Linking and Embedding files belonging to the Windows environment into grayscale images. As the next step, we trained multiple models on non-Independent and Identically Distributed data to better represent a real-world scenario, both with and without Differential Privacy norm, to evaluate its impact on privacy and performance. After selecting the most accurate models, we employed the Gradient-weighted Class Activation Mapping algorithm to visualize the most influential features, enhancing interpretability and trust in predictions.

Author(s):
Giovanni Ciaramella
IMT School for Advanced Studies Lucca & Institute for Informatics and Telematics, National Research Council of Italy (CNR)
Italy
Fabio Martinelli
Institute for High Performance Computing and Networking, National Research Council of Italy (CNR)
Italy
Antonella Santone
University of Molise
Italy
Francesco Mercaldo
University of Molise & Institute for Informatics and Telematics, National Research Council of Italy (CNR)
Italy