Abstract

Background and Objective: The constant growth of intrusions and information theft through infected software has always been a problem. According to McAfee Labs in 2020, on average, 480 new viruses are created each hour. The means of identifying such threats, categorizing them, and creating vaccines may not be that fast. Thanks to increasing processing power and the popularity of artificial intelligence, it is now possible to integrate intelligence into an antivirus engine to enhance its protective capabilities. Doing so with good algorithms and parameterization can be a key asset in securing one's environment. In this work we analyze the overall performance of our antivirus and compare it with other state-of-the-art antiviruses.
Methods: In this work, we create an extreme neural network that trains quickly and achieves satisfactory accuracy when classifying unknown files that may or may not be infected with Citadel. Our virus database is built with many examples of well-known infected files, and our results are compared with other intelligent antiviruses created by other companies and/or researchers. The proposed technique stands out as a beneficial practice in terms of efficiency and interpretability; it achieves a greatly reduced number of neurons through its thorough pruning process. This reduction of dimensionality shrinks the input layer by 98%, not only enhancing data interpretation but also reducing the time required for training.
Results: Our antivirus achieves an overall performance of 98.50% when distinguishing harmless and malicious portable executable (PE) programs. To enhance accuracy, we conducted tests under various initial conditions, learning functions, and architectures. Our successful results consume only 0.19 s of training when using the complete training database, and the response time is so immediate that the computer rounds it to 0.00 s.
Conclusions: In this work, we conclude that mELM implementations are viable, and their performance can match state-of-the-art ones. Its training and classification times are among the fastest of the algorithms tested, and the accuracy in detecting Citadel-infected PEs is acceptable.
