{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T12:11:44Z","timestamp":1778155904582,"version":"3.51.4"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032253071","type":"print"},{"value":"9783032253088","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-25308-8_28","type":"book-chapter","created":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T11:32:47Z","timestamp":1778153567000},"page":"412-427","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Explainable Malware Detection with\u00a0Tailored Logic Explained Networks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9010-3075","authenticated-orcid":false,"given":"Peter","family":"Anthony","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8492-8110","authenticated-orcid":false,"given":"Francesco","family":"Giannini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5805-8032","authenticated-orcid":false,"given":"Michelangelo","family":"Diligenti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6384-9771","authenticated-orcid":false,"given":"Martin","family":"Homola","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6337-5430","authenticated-orcid":false,"given":"Marco","family":"Gori","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0634-9476","authenticated-orcid":false,"given":"\u0160tefan","family":"Balogh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2196-2271","authenticated-orcid":false,"given":"J\u00e1n","family":"Moj\u017ei\u0161","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,8]]},"reference":[{"key":"28_CR1","doi-asserted-by":"publisher","unstructured":"An, J., Kilmartin, P., Young, B., Deed, R., Yu, W.: Decision trees as feature selection methods to characterize the novice panel\u2019s perception of pinot noir wines (2023). https:\/\/doi.org\/10.21203\/rs.3.rs-2650497\/v1","DOI":"10.21203\/rs.3.rs-2650497\/v1"},{"key":"28_CR2","unstructured":"Anderson, H.S., Roth, P.: Ember: an open dataset for training static PE malware machine learning models. arXiv preprint arXiv:1804.04637 (2018)"},{"key":"28_CR3","unstructured":"Azzolin, S., Longa, A., Barbiero, P., Lio, P., Passerini, A., et\u00a0al.: Global explainability of GNNs via logic combination of learned concepts. In: ICLR 2023, pp. 1\u201319 (2023)"},{"key":"28_CR4","doi-asserted-by":"crossref","unstructured":"Barbiero, P., Ciravegna, G., Giannini, F., Li\u00f3, P., Gori, M., Melacci, S.: Entropy-based logic explanations of neural networks. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol.\u00a036, pp. 6046\u20136054 (2022)","DOI":"10.1609\/aaai.v36i6.20551"},{"key":"28_CR5","doi-asserted-by":"crossref","unstructured":"Borojerdi, H.R., Abadi, M.: Malhunter: autonymatic generation of multiple behavioral signatures for polymorphic malware detection, pp. 430\u2013436 (2013)","DOI":"10.1109\/ICCKE.2013.6682867"},{"key":"28_CR6","doi-asserted-by":"publisher","unstructured":"B\u00fchmann, L., Lehmann, J., Westphal, P., Bin, S.: Dl-learner structured machine learning on semantic web data. In: Companion Proceedings of the The Web Conference 2018, WWW \u201918, pp. 467\u2013471. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva (2018). https:\/\/doi.org\/10.1145\/3184558.3186235","DOI":"10.1145\/3184558.3186235"},{"key":"28_CR7","doi-asserted-by":"publisher","unstructured":"Ciravegna, G., et al.: Logic explained networks. Artif. Intell. 314, 103822 (2023). https:\/\/doi.org\/10.1016\/j.artint.2022.103822","DOI":"10.1016\/j.artint.2022.103822"},{"key":"28_CR8","doi-asserted-by":"crossref","unstructured":"Ciravegna, G., et al.: Learning logic explanations by neural networks. In: Compendium of Neurosymbolic Artificial Intelligence, pp. 547\u2013558. IOS Press (2023)","DOI":"10.3233\/FAIA230157"},{"key":"28_CR9","doi-asserted-by":"publisher","unstructured":"Connors, C., Sarkar, D.: Machine learning for detecting malware in pe files (2022). https:\/\/doi.org\/10.48550\/arXiv.2212.13988","DOI":"10.48550\/arXiv.2212.13988"},{"key":"28_CR10","doi-asserted-by":"publisher","unstructured":"Dolej\u0161, J., Jure\u010dek, M.: Interpretability of machine learning-based results of malware detection using a set of rules. In: Artificial Intelligence for Cybersecurity, pp. 107\u2013136. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-030-97087-1_5","DOI":"10.1007\/978-3-030-97087-1_5"},{"key":"28_CR11","doi-asserted-by":"publisher","unstructured":"Fumagalli, F., Muschalik, M., H\u00fcllermeier, E., Hammer, B.: Incremental permutation feature importance (ipfi): towards online explanations on data streams. ML 112(12), 4863\u20134903 (2023). https:\/\/doi.org\/10.1007\/s10994-023-06385-y","DOI":"10.1007\/s10994-023-06385-y"},{"key":"28_CR12","doi-asserted-by":"crossref","unstructured":"He, Y., Lou, J., Qin, Z., Ren, K.: Finer: enhancing state-of-the-art classifiers with feature attribution to facilitate security analysis. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201923, pp. 416\u2013430. Association for Computing Machinery, New York (2023)","DOI":"10.1145\/3576915.3616599"},{"key":"28_CR13","doi-asserted-by":"publisher","first-page":"640","DOI":"10.1109\/COMST.2018.2871866","volume":"21","author":"M Hus\u00e1k","year":"2019","unstructured":"Hus\u00e1k, M., Kom\u00e1rkov\u00e1, J., Bou-Harb, E., \u010celeda, P.: Survey of attack projection, prediction, and forecasting in cyber security. IEEE Commun. Surv. Tutor. 21, 640\u2013660 (2019). https:\/\/doi.org\/10.1109\/COMST.2018.2871866","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"28_CR14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102198","volume":"105","author":"G Iadarola","year":"2021","unstructured":"Iadarola, G., Martinelli, F., Mercaldo, F., Santone, A.: Towards an interpretable deep learning model for mobile malware detection and family identification. Comput. Secur. 105, 102198 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102198","journal-title":"Comput. Secur."},{"key":"28_CR15","doi-asserted-by":"crossref","unstructured":"Jain, R., Ciravegna, G., Barbiero, P., Giannini, F., Buffelli, D., Lio, P.: Extending logic explained networks to text classification. In: EMNLP (2022)","DOI":"10.18653\/v1\/2022.emnlp-main.604"},{"key":"28_CR16","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1016\/j.procs.2021.03.118","volume":"184","author":"M Kinkead","year":"2021","unstructured":"Kinkead, M., Millar, S., McLaughlin, N., O\u2019Kane, P.: Tonywards explainable cnns for android malware detection. Procedia Comput. Sci. 184, 959\u2013965 (2021). https:\/\/doi.org\/10.1016\/j.procs.2021.03.118","journal-title":"Procedia Comput. Sci."},{"key":"28_CR17","doi-asserted-by":"publisher","unstructured":"Lad, S., Adamuthe, A.: Improved deep learning model for static PE files malware detection and classification. Int. J. Comput. Netw. Inf. Secur. 14, 14\u201326 (2022). https:\/\/doi.org\/10.5815\/ijcnis.2022.02.02","DOI":"10.5815\/ijcnis.2022.02.02"},{"key":"28_CR18","first-page":"2639","volume":"10","author":"J Lehmann","year":"2009","unstructured":"Lehmann, J.: Dl-learner: learning concepts in description logics. J. Mach. Learn. Res. 10, 2639\u20132642 (2009)","journal-title":"J. Mach. Learn. Res."},{"key":"28_CR19","doi-asserted-by":"publisher","unstructured":"Liu, H., Cocea, M., Ding, W.: Decision tree learning based feature evaluation and selection for image classification. In: 2017 ICMLC, vol.\u00a02, pp. 569\u2013574 (2017). https:\/\/doi.org\/10.1109\/ICMLC.2017.8108975","DOI":"10.1109\/ICMLC.2017.8108975"},{"key":"28_CR20","unstructured":"Lundberg, S.M., Lee, S.I.: A unified approach to interpreting model predictions. In: Proceedings of the 31st International Conference on Neural Information Processing Systems, NIPS\u201917, pp. 4768\u20134777. Curran Associates Inc., Red Hook (2017)"},{"key":"28_CR21","series-title":"Lecture Notes in Networks and Systems","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-030-86261-9_5","volume-title":"Distributed Computing and Artificial Intelligence, Volume 1: 18th International Conference","author":"B Marais","year":"2022","unstructured":"Marais, B., Quertier, T., Chesneau, C.: Malware analysis with artificial intelligence and a particular attention on\u00a0results interpretability. In: Matsui, K., Omatu, S., Yigitcanlar, T., Gonz\u00e1lez, S.R. (eds.) DCAI 2021. LNNS, vol. 327, pp. 43\u201355. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-86261-9_5"},{"key":"28_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102718","volume":"58","author":"S Millar","year":"2021","unstructured":"Millar, S., McLaughlin, N., del Rincon, J.M., Miller, P.: Multi-view deep learning for zero-day android malware detection. J. Inf. Secur. Appl. 58, 102718 (2021). https:\/\/doi.org\/10.1016\/j.jisa.2020.102718","journal-title":"J. Inf. Secur. Appl."},{"key":"28_CR23","doi-asserted-by":"publisher","unstructured":"Mills, A., Spyridopoulos, T., Legg, P.: Efficient and interpretable real-time malware detection using random-forest, pp.\u00a01\u20138 (2019). https:\/\/doi.org\/10.1109\/CyberSA.2019.8899533","DOI":"10.1109\/CyberSA.2019.8899533"},{"key":"28_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-031-53552-9_1","volume-title":"Data Analytics in System Engineering","author":"J Moj\u017ei\u0161","year":"2024","unstructured":"Moj\u017ei\u0161, J., Kenyeres, M.: Interpretable rules with a simplified data representation - a case study with the ember dataset. In: Silhavy, R., Silhavy, P. (eds.) Data Analytics in System Engineering, pp. 1\u201310. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-53552-9_1"},{"key":"28_CR25","doi-asserted-by":"crossref","unstructured":"Nembrini, S., K\u00f6nig, I.R., Wright, M.N.: The revival of the Gini importance? Bioinformatics 34(21), 3711\u20133718 (2018)","DOI":"10.1093\/bioinformatics\/bty373"},{"key":"28_CR26","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1186\/s13040-021-00243-0","volume":"14","author":"A Orlenko","year":"2021","unstructured":"Orlenko, A., Moore, J.H.: A comparison of methods for interpreting random forest models of genetic association in the presence of non-additive interactions. BioData Mining 14, 9 (2021). https:\/\/doi.org\/10.1186\/s13040-021-00243-0","journal-title":"BioData Mining"},{"key":"28_CR27","unstructured":"Papenmeier, A., Englebienne, G., Seifert, C.: How model accuracy and explanation fidelity influence user trust (2019)"},{"key":"28_CR28","doi-asserted-by":"publisher","unstructured":"Pramanik, S., Teja, H.: Ember - analysis of malware dataset using convolutional neural networks. In: 3rd ICISC, pp. 286\u2013291 (2019). https:\/\/doi.org\/10.1109\/ICISC44355.2019.9036424","DOI":"10.1109\/ICISC44355.2019.9036424"},{"key":"28_CR29","doi-asserted-by":"crossref","unstructured":"Raff, E., Fleshman, W., Zak, R., Anderson, H.S., Filar, B., McLean, M.: Classifying sequences of extreme length with constant memory applied to malware detection (2020)","DOI":"10.1609\/aaai.v35i11.17131"},{"key":"28_CR30","doi-asserted-by":"crossref","unstructured":"Ribeiro, M.T., Singh, S., Guestrin, C.: \u201cwhy should i trust you?\" Explaining the predictions of any classifier. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1135\u20131144 (2016)","DOI":"10.1145\/2939672.2939778"},{"key":"28_CR31","doi-asserted-by":"publisher","unstructured":"Sadaria, P., Khachariya, H., Hirpara, J.: Exploring the diverse applications of deep learning across multiple domains. Recent Res. Rev. J. 2(1), 183\u2013200 (2023). https:\/\/doi.org\/10.36548\/rrrj.2023.1.16","DOI":"10.36548\/rrrj.2023.1.16"},{"key":"28_CR32","unstructured":"Severi, G., Meyer, J., Coull, S., Oprea, A.: Explanation-Guided backdoor poisoning attacks against malware classifiers. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 1487\u20131504. USENIX Association (2021)"},{"key":"28_CR33","doi-asserted-by":"publisher","unstructured":"Sun, R., et al.: Mate! are you really aware? An explainability-guided testing framework for robustness of malware detectors. In: Proceedings 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1573\u20131585. ESEC\/FSE 2023 (2023). https:\/\/doi.org\/10.1145\/3611643.3616309","DOI":"10.1145\/3611643.3616309"},{"key":"28_CR34","doi-asserted-by":"publisher","unstructured":"Svec, P., Balogh, S., Homola, M., Kluka, J.: Knowledge-based dataset for training PE malware detection models. CoRR arxiv:2301.00153 (2023). https:\/\/doi.org\/10.48550\/arXiv.2301.00153","DOI":"10.48550\/arXiv.2301.00153"},{"key":"28_CR35","unstructured":"S\u030cvec, P., Balogh, S\u030c., Homola, M., Kl\u2019uka, J., Bist\u00e1k, T.: Semantic data representation for explainable windows malware detection models. arXiv:2403.11669 (2024)"},{"key":"28_CR36","first-page":"33","volume":"4","author":"D Venugopal","year":"2008","unstructured":"Venugopal, D., Hu, G.: Efficient signature based malware detection on mobile devices. Mob. Inf. Syst. 4, 33\u201349 (2008)","journal-title":"Mob. Inf. Syst."},{"key":"28_CR37","doi-asserted-by":"publisher","unstructured":"Wang, X., Liu, C., Hu, X., Wang, Z., Yin, J., Cui, X.: Make data reliable: an explanation-powered cleaning on malware dataset against backdoor poisoning attacks. In: Proc. of the 38th Annual Computer Security Applications Conference (ACSAC \u201922), pp. 267\u2013278. Association for Computing Machinery, New York (2022). https:\/\/doi.org\/10.1145\/3564625.3564661","DOI":"10.1145\/3564625.3564661"},{"key":"28_CR38","doi-asserted-by":"publisher","first-page":"8857417","DOI":"10.1155\/2021\/8857417","volume":"2021","author":"H Xu","year":"2021","unstructured":"Xu, H., Zhang, X., Li, H., Xiang, G.: An ensemble of adaptive surrogate models based on local error expectations. Math. Prob. Eng. 2021, 8857417 (2021). https:\/\/doi.org\/10.1155\/2021\/8857417","journal-title":"Math. Prob. Eng."},{"key":"28_CR39","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/s10115-017-1058-9","volume":"54","author":"Y Ye","year":"2018","unstructured":"Ye, Y., Chen, L., Hou, S., Hardy, W., Li, X.: Deepam: a heterogeneous deep learning framework for intelligent malware detection. Knowl. Inf. Syst. 54, 265\u2013285 (2018)","journal-title":"Knowl. Inf. Syst."},{"key":"28_CR40","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3073559","volume":"50","author":"Y Ye","year":"2017","unstructured":"Ye, Y., Li, T., Adjeroh, D., Iyengar, S.: A survey on malware detection using data mining techniques. ACM Comput. Surv. 50, 1\u201340 (2017). https:\/\/doi.org\/10.1145\/3073559","journal-title":"ACM Comput. Surv."}],"container-title":["Communications in Computer and Information Science","Machine Learning and Principles and Practice of Knowledge Discovery in Databases"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-25308-8_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T11:32:57Z","timestamp":1778153577000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-25308-8_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032253071","9783032253088"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-25308-8_28","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"8 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors\u00a0have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ECML PKDD","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vilnius","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lithuania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecml2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2024.ecmlpkdd.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}