{"id":"https://openalex.org/W4383989173","doi":"https://doi.org/10.1145/3607199.3607231","title":"False Sense of Security: Leveraging XAI to Analyze the Reasoning and True Performance of Context-less DGA Classifiers","display_name":"False Sense of Security: Leveraging XAI to Analyze the Reasoning and True Performance of Context-less DGA Classifiers","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4383989173","doi":"https://doi.org/10.1145/3607199.3607231"},"language":"en","primary_location":{"is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607231","pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},"type":"preprint","type_crossref":"proceedings-article","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://arxiv.org/pdf/2307.04358","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063993176","display_name":"Arthur Drichel","orcid":"https://orcid.org/0000-0001-7326-7273"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Arthur Drichel","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001580305","display_name":"Ulrike Meyer","orcid":"https://orcid.org/0000-0002-2569-1042"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ulrike Meyer","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]}],"institution_assertions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"fulltext_origin":"pdf","cited_by_count":5,"citation_normalized_percentile":{"value":0.787004,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":93},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Deep Learning Models","score":0.9997,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Deep Learning Models","score":0.9997,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence","score":0.9988,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection in High-Dimensional Data","score":0.9988,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.6570705},{"id":"https://openalex.org/keywords/xai-concepts","display_name":"XAI Concepts","score":0.578537},{"id":"https://openalex.org/keywords/detection","display_name":"Detection","score":0.530564},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep Learning","score":0.529023},{"id":"https://openalex.org/keywords/dynamic-analysis","display_name":"Dynamic Analysis","score":0.500879}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.76902723},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.758324},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6590405},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.6570705},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5669284},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.46115255},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.43772423},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.4313505},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.10172829},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607231","pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},{"is_oa":true,"landing_page_url":"http://arxiv.org/abs/2307.04358","pdf_url":"http://arxiv.org/pdf/2307.04358","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":["Cornell University"],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false},{"is_oa":true,"landing_page_url":"https://arxiv.org/abs/2307.04358","pdf_url":"https://arxiv.org/pdf/2307.04358","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":["Cornell University"],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false},{"is_oa":false,"landing_page_url":"https://api.datacite.org/dois/10.48550/arxiv.2307.04358","pdf_url":null,"source":{"id":"https://openalex.org/S4393179698","display_name":"DataCite API","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210145204","host_organization_name":"DataCite","host_organization_lineage":["https://openalex.org/I4210145204"],"host_organization_lineage_names":["DataCite"],"type":"metadata"},"license":null,"license_id":null,"version":null}],"best_oa_location":{"is_oa":true,"landing_page_url":"http://arxiv.org/abs/2307.04358","pdf_url":"http://arxiv.org/pdf/2307.04358","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":["Cornell University"],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false},"sustainable_development_goals":[{"score":0.8,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, justice, and strong institutions"}],"grants":[],"datasets":[],"versions":["https://openalex.org/W4383989173"],"referenced_works_count":42,"referenced_works":["https://openalex.org/W1561983441","https://openalex.org/W1595868485","https://openalex.org/W17316494","https://openalex.org/W1787224781","https://openalex.org/W1853837125","https://openalex.org/W196740607","https://openalex.org/W2082550445","https://openalex.org/W2156204309","https://openalex.org/W2464432954","https://openalex.org/W2528572867","https://openalex.org/W2546910111","https://openalex.org/W2728121559","https://openalex.org/W2768793959","https://openalex.org/W2786906486","https://openalex.org/W2889547652","https://openalex.org/W2912464539","https://openalex.org/W2942650110","https://openalex.org/W2954590176","https://openalex.org/W2958636547","https://openalex.org/W2962862931","https://openalex.org/W2962940036","https://openalex.org/W2963096987","https://openalex.org/W2964636835","https://openalex.org/W3021336872","https://openalex.org/W3096425977","https://openalex.org/W3101155149","https://openalex.org/W3103331180","https://openalex.org/W3103934428","https://openalex.org/W3108961219","https://openalex.org/W3131352160","https://openalex.org/W3195826529","https://openalex.org/W4243494487","https://openalex.org/W4287637491","https://openalex.org/W4288079986","https://openalex.org/W4288287305","https://openalex.org/W4289330434","https://openalex.org/W4289699961","https://openalex.org/W4290856933","https://openalex.org/W4293846201","https://openalex.org/W4294611718","https://openalex.org/W4302282827","https://openalex.org/W4312960814"],"related_works":["https://openalex.org/W4382930947","https://openalex.org/W4380075502","https://openalex.org/W3214759741","https://openalex.org/W3174876210","https://openalex.org/W3152382318","https://openalex.org/W3081288631","https://openalex.org/W3004686567","https://openalex.org/W2738656338","https://openalex.org/W2603787370","https://openalex.org/W2555400967"],"abstract_inverted_index":{"The":[0],"problem":[1],"of":[2,24,34,61,97,106,135],"revealing":[3],"botnet":[4],"activity":[5],"through":[6],"Domain":[7],"Generation":[8],"Algorithm":[9],"(DGA)":[10],"detection":[11,45,92,104,136],"seems":[12],"to":[13,57,66,88,123],"be":[14],"solved,":[15],"considering":[16],"that":[17,73,94,121],"available":[18],"deep":[19,62,109],"learning":[20,63,110],"classifiers":[21,29,64,79],"achieve":[22],"accuracies":[23],"over":[25],"99.9%.":[26],"However,":[27],"these":[28,75],"provide":[30],"a":[31,90,117,126],"false":[32],"sense":[33],"security":[35],"as":[36],"they":[37],"are":[38,86],"heavily":[39],"biased":[40],"and":[41,65,101,133,138],"allow":[42],"for":[43],"trivial":[44],"bypass.":[46],"In":[47,112],"this":[48,113],"work,":[49],"we":[50,85,115],"leverage":[51],"explainable":[52],"artificial":[53],"intelligence":[54],"(XAI)":[55],"methods":[56,137],"analyze":[58],"the":[59,98,103],"reasoning":[60],"systematically":[67],"reveal":[68],"such":[69],"biases.":[70],"We":[71],"show":[72],"eliminating":[74],"biases":[76,100],"from":[77],"DGA":[78],"considerably":[80],"deteriorates":[81],"their":[82],"performance.":[83],"Nevertheless":[84],"able":[87],"design":[89],"context-aware":[91],"system":[93,120],"is":[95],"free":[96],"identified":[99],"maintains":[102],"rate":[105],"state-of-the":[107],"art":[108],"classifiers.":[111],"context,":[114],"propose":[116],"visual":[118],"analysis":[119],"helps":[122],"better":[124],"understand":[125],"classifier's":[127],"reasoning,":[128],"thereby":[129],"increasing":[130],"trust":[131],"in":[132],"transparency":[134],"facilitating":[139],"decision-making.":[140]},"cited_by_api_url":"https://api.openalex.org/works?filter=cites:W4383989173","counts_by_year":[{"year":2024,"cited_by_count":5}],"updated_date":"2024-11-22T23:02:42.840672","created_date":"2023-07-12"}