IXNet: Interpretable and Explainable Deep Attentive Network-based Model for Android Malware Detection

Abstract

The diversity, sophistication, and availability of malware, specifically Android malware, pose an enormous threat to the security of mobile devices. A number of deep learning approaches were proposed to mitigate this issue since deep learning models are suitable for large and complex data. These solutions, however, often put more emphasis on the accuracy of detection rather than detection interpretability. This reckons that there are no adequate studies concerned with understanding the models?�? learning process and logic of inference to the predictions. Thus, there is a need to develop a transparent Android malware detection tool without undermining accuracy. This study aims to address this issue by developing an interpretable and explainable deep attentive network, IXNet, which consists of parallel components for detection and interpretation. The interpreter component performs instance-wise feature selection providing a focal point for more tuned decisions, and the detector component uses the selected features to make the hidden feature representation and final detection. Generally, the proposed network traces the learning process and decision path made by the detector to provide an interpretation of the decision made. The learned concepts are extracted using two mechanisms; Multi-head Self-attention and Layer-wise Backward Relevance Propagation. The attention mechanism traces the internal working principle during the training, and the decision-making process of the model during the testing phase, whereas the relevance propagation attends to the learning progress of the model during the training session in real-time. Several experiments were done using two datasets; Drebin and MalMem, where the proposed network-based model performed splendidly on both datasets. The experimen