4 matches found
PROVEX: Enhancing SOC Analyst Trust with Explainable Provenance-Based IDS
Modern intrusion detection systems IDS leverage graph neural networks GNNs to detect malicious activity in system provenance data, but their decisions often remain a black box to analysts. This paper presents a comprehensive XAI framework designed to bridge the trust gap in Security Operations...
Interpretable Ransomware Detection Using Hybrid Large Language Models: A Comparative Analysis of BERT, RoBERTa, and DeBERTa through LIME and SHAP
Ransomware continues to evolve in complexity, making early and explainable detection a critical requirement for modern cybersecurity systems. This study presents a comparative analysis of three Transformer-based Large Language Models LLMs BERT, RoBERTa, and DeBERTa for ransomware detection using...
Explainer-Guided Targeted Adversarial Attacks against Binary Code Similarity Detection Models
Binary code similarity detection BCSD serves as a fundamental technique for various software engineering tasks, e.g., vulnerability detection and classification. Attacks against such models have therefore drawn extensive attention, aiming at misleading the models to generate erroneous predictions...
On the Consistency of GNN Explanations for Malware Detection
Control Flow Graphs CFGs are critical for analyzing program execution and characterizing malware behavior. With the growing adoption of Graph Neural Networks GNNs, CFG-based representations have proven highly effective for malware detection. This study proposes a novel framework that dynamically...