Explainable Malware Detection Using Predefined Network Flow

As the internet has become an indispensable part of modern life, defences against cybersecurity attacks have become an important topic and a considerable number of studies have been made to provide reliable tactics to defend against cyberattacks. Flow export protocols and technologies provide several advantages in network monitoring. By using flow data aggregated from packets, the amount of data to be analysed has been significantly reduced and it is often said to be more scalable than packet-based traffic analysis. With the help of modern Artificial Intelligent algorithms, AI can be trained with flow data to predict hackers' attacks and types of malware. In this paper, we will present CSTITool, a CICFlowMeter-based flow extraction tool, to feature extraction with an aim of improving the model performance. The flow features will be used to train a machine learning-based model for hackers' attacks and malware classification. To provide interpretability, an explainable AI will be introduced to help understand the relation between the prediction and the features.