Beyond the Wrapper: Identifying Artifact Reliance in Static Malware Classifiers using TRUSTEE
For cybersecurity practitioners, it provides a reproducible framework to diagnose artifact reliance in malware classifiers, highlighting a critical bias that undermines model robustness.
The paper addresses the problem of static malware classifiers learning non-semantic artifacts (e.g., packing) instead of true malicious behavior. Using the XAI tool TRUSTEE, they found that top features across experiments were predominantly packing artifacts, PE metadata, and string n-grams, indicating classifiers are highly sensitive to dataset composition and misinterpret packing as malicious.
Modern cybersecurity relies heavily on static machine-learning-based malware classifiers. However, transformations such as packing and other non-semantic modifications applied to executable files limit their reliability. Malware classifiers often learn these unnecessary artifacts rather than the true binary behavior because of the high association between maliciousness and packing. Moreover, these malware classifiers are black boxes, making it difficult to understand what they learn. To address this issue, we proposed a two-part framework using the post-hoc interpretability XAI tool TRUSTEE, followed by a manual analysis of the top features. We conducted several controlled experiments by varying the dataset composition ratios to understand their impact on the results. The top-ranked features across all experiments, identified by TRUSTEE, were predominantly packing artifacts, portable executable(PE) metadata, and n-grams at the string level, rather than malicious semantics. These results suggest that these malware classifiers are highly sensitive to dataset composition and can misinterpret packing as malicious behavior. Our proposed framework allows for the reproducible diagnosis of such biases and forms a guideline for building more robust and semantically meaningful malware detection models