SoK: Modeling Explainability in Security Analytics for Interpretability, Trustworthiness and Usability
Repository for the paper "SoK: Modeling Explainability in Security Analytics for Interpretability, Trustworthiness and Usability", accepted at the International Conference on Availability, Reliability and Security (ARES'23).
This paper provides a comprehensive analysis of explainable methods and demonstrates their efficacy in three distinct security applications: anomaly detection using system logs, malware prediction, and detection of adversarial images. Our quantitative and qualitative analysis reveals serious limitations and concerns in state-of-the-art explanation methods in all three applications.
The repository consists of three folders for the three use cases discussed in the paper.
- Use case I: This folder consists of experiments for explanation methods in anomaly detection using system logs.
- Use case II: This folder consists of experiments for explanation methods in malware prediction.
- Use case III: This folder consists of experiments for the application of explanations in adversarial sample detection.
- Helper: This folder contains .py files for generating some test plots.
All additional required files and models are provided via a Google Drive link.