Interpretability of API Call Topic Models: An Exploratory Study
| dc.contributor.author | Glendowne, Puntitra | |
| dc.contributor.author | Glendowne, Dae | |
| dc.date.accessioned | 2020-01-04T08:31:47Z | |
| dc.date.available | 2020-01-04T08:31:47Z | |
| dc.date.issued | 2020-01-07 | |
| dc.description.abstract | Topic modeling is an unsupervised method for discovering semantically coherent combinations of words, called topics, in unstructured text. However, the human interpretability of topics discovered from non-natural language corpora, specifically Windows API call logs, is unknown. Our objective is to explore the coherence of topics and their ability to represent the themes of API calls from malware analysts’ perspective. Three Latent Dirichlet Allocation (LDA) models were fit to a collection of dynamic API call logs. Topics, or behavioral themes, were manually evaluated by malware analysts. The results were compared to existing automated quality measures. Participants were able to accurately determine API calls that did not belong in behavioral themes learned by the 20 topic model. Our results agree with topic coherence measures in terms of highest interpretable topics. The results are not compatible with log-perplexity, which concur with the findings of topic evaluation literature on natural language corpora. | |
| dc.format.extent | 10 pages | |
| dc.identifier.doi | 10.24251/HICSS.2020.793 | |
| dc.identifier.isbn | 978-0-9981331-3-3 | |
| dc.identifier.uri | http://hdl.handle.net/10125/64535 | |
| dc.language.iso | eng | |
| dc.relation.ispartof | Proceedings of the 53rd Hawaii International Conference on System Sciences | |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | |
| dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.subject | Machine Learning and Cyber Threat Intelligence and Analytics | |
| dc.subject | api call | |
| dc.subject | malware analysis | |
| dc.subject | malware behaviors | |
| dc.subject | topic model | |
| dc.title | Interpretability of API Call Topic Models: An Exploratory Study | |
| dc.type | Conference Paper | |
| dc.type.dcmi | Text |
Files
Original bundle
1 - 1 of 1