Facing the challenge of leveraging untrained humans in malware analysis

Benjamin Zi Hao Zhao; Hassan Jameel Asghar; Muhammad Ikram; Mohamed Ali Kaafar; Sean Lamont; Daniel Coscia

doi:10.1007/978-3-031-92882-6_5

Facing the challenge of leveraging untrained humans in malware analysis

Benjamin Zi Hao Zhao^*, Hassan Jameel Asghar, Muhammad Ikram, Mohamed Ali Kaafar, Sean Lamont, Daniel Coscia

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

Abstract

Software binary analysis, tools and machine learning aid security analysts in interpreting data, by automated means that filter, prioritize, and arrange pertinent information for skilled analysts. In this work, we revisit cooperative human-machine teams and evaluate the possibility of enabling untrained humans to assist machines and skilled analysts in their analysis of software binaries. Specifically, we propose a pipeline to transform a complex input domain into facial images on which untrained individuals make similarity decisions. Our faces include realistic human, animal, artistic, and anime faces that preserve inherent distances between data points of the input domain. Our approach is evaluated through a human study, where untrained respondents with minimal training successfully flag machine misclassifications. The untrained human does not replace the machine or skilled analyst, instead, utilized in a triage setting, to identify samples without historical precedence, deferring the decision to the skilled analyst for deeper inspection.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection
Subtitle of host publication	40th IFIP International Conference, SEC 2025, Maribor, Slovenia, May 21-23, 2025, proceedings, part I
Editors	Lili Nemec Zlatolas, Kai Rannenberg, Tatjana Welzer, Joaquin Garcia-Alfaro
Place of Publication	Cham, Switzerland
Publisher	Springer, Springer Nature
Pages	61-75
Number of pages	15
ISBN (Electronic)	9783031928826
ISBN (Print)	9783031928819, 9783031928840
DOIs	https://doi.org/10.1007/978-3-031-92882-6_5
Publication status	Published - 2025
Event	40th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2025 - Maribor, Spain Duration: 20 May 2025 → 23 May 2025

Publication series

Name	IFIP Advances in Information and Communication Technology
Publisher	Springer
Volume	745
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	40th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2025
Country/Territory	Spain
City	Maribor
Period	20/05/25 → 23/05/25

Keywords

Malware
Binaries
Data Visualization
Human
Faces
Rapid
Triage

Access to Document

10.1007/978-3-031-92882-6_5

Cite this

Zhao, B. Z. H., Asghar, H. J., Ikram, M., Kaafar, M. A., Lamont, S., & Coscia, D. (2025). Facing the challenge of leveraging untrained humans in malware analysis. In L. Nemec Zlatolas, K. Rannenberg, T. Welzer, & J. Garcia-Alfaro (Eds.), ICT Systems Security and Privacy Protection: 40th IFIP International Conference, SEC 2025, Maribor, Slovenia, May 21-23, 2025, proceedings, part I (pp. 61-75). (IFIP Advances in Information and Communication Technology; Vol. 745). Springer, Springer Nature. https://doi.org/10.1007/978-3-031-92882-6_5

Zhao, Benjamin Zi Hao ; Asghar, Hassan Jameel ; Ikram, Muhammad et al. / Facing the challenge of leveraging untrained humans in malware analysis. ICT Systems Security and Privacy Protection: 40th IFIP International Conference, SEC 2025, Maribor, Slovenia, May 21-23, 2025, proceedings, part I. editor / Lili Nemec Zlatolas ; Kai Rannenberg ; Tatjana Welzer ; Joaquin Garcia-Alfaro. Cham, Switzerland : Springer, Springer Nature, 2025. pp. 61-75 (IFIP Advances in Information and Communication Technology).

@inproceedings{950c38757fab4f26a3b11b65ec565906,

title = "Facing the challenge of leveraging untrained humans in malware analysis",

abstract = "Software binary analysis, tools and machine learning aid security analysts in interpreting data, by automated means that filter, prioritize, and arrange pertinent information for skilled analysts. In this work, we revisit cooperative human-machine teams and evaluate the possibility of enabling untrained humans to assist machines and skilled analysts in their analysis of software binaries. Specifically, we propose a pipeline to transform a complex input domain into facial images on which untrained individuals make similarity decisions. Our faces include realistic human, animal, artistic, and anime faces that preserve inherent distances between data points of the input domain. Our approach is evaluated through a human study, where untrained respondents with minimal training successfully flag machine misclassifications. The untrained human does not replace the machine or skilled analyst, instead, utilized in a triage setting, to identify samples without historical precedence, deferring the decision to the skilled analyst for deeper inspection.",

keywords = "Malware, Binaries, Data Visualization, Human, Faces, Rapid, Triage",

author = "Zhao, \{Benjamin Zi Hao\} and Asghar, \{Hassan Jameel\} and Muhammad Ikram and Kaafar, \{Mohamed Ali\} and Sean Lamont and Daniel Coscia",

year = "2025",

doi = "10.1007/978-3-031-92882-6\_5",

language = "English",

isbn = "9783031928819",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer, Springer Nature",

pages = "61--75",

editor = "\{Nemec Zlatolas\}, Lili and Kai Rannenberg and Tatjana Welzer and Joaquin Garcia-Alfaro",

booktitle = "ICT Systems Security and Privacy Protection",

address = "United States",

note = "40th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2025 ; Conference date: 20-05-2025 Through 23-05-2025",

}

Zhao, BZH, Asghar, HJ , Ikram, M , Kaafar, MA, Lamont, S & Coscia, D 2025, Facing the challenge of leveraging untrained humans in malware analysis. in L Nemec Zlatolas, K Rannenberg, T Welzer & J Garcia-Alfaro (eds), ICT Systems Security and Privacy Protection: 40th IFIP International Conference, SEC 2025, Maribor, Slovenia, May 21-23, 2025, proceedings, part I. IFIP Advances in Information and Communication Technology, vol. 745, Springer, Springer Nature, Cham, Switzerland, pp. 61-75, 40th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2025, Maribor, Spain, 20/05/25. https://doi.org/10.1007/978-3-031-92882-6_5

Facing the challenge of leveraging untrained humans in malware analysis. / Zhao, Benjamin Zi Hao; Asghar, Hassan Jameel ; Ikram, Muhammad et al.
ICT Systems Security and Privacy Protection: 40th IFIP International Conference, SEC 2025, Maribor, Slovenia, May 21-23, 2025, proceedings, part I. ed. / Lili Nemec Zlatolas; Kai Rannenberg; Tatjana Welzer; Joaquin Garcia-Alfaro. Cham, Switzerland: Springer, Springer Nature, 2025. p. 61-75 (IFIP Advances in Information and Communication Technology; Vol. 745).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Facing the challenge of leveraging untrained humans in malware analysis

AU - Zhao, Benjamin Zi Hao

AU - Asghar, Hassan Jameel

AU - Ikram, Muhammad

AU - Kaafar, Mohamed Ali

AU - Lamont, Sean

AU - Coscia, Daniel

PY - 2025

Y1 - 2025

N2 - Software binary analysis, tools and machine learning aid security analysts in interpreting data, by automated means that filter, prioritize, and arrange pertinent information for skilled analysts. In this work, we revisit cooperative human-machine teams and evaluate the possibility of enabling untrained humans to assist machines and skilled analysts in their analysis of software binaries. Specifically, we propose a pipeline to transform a complex input domain into facial images on which untrained individuals make similarity decisions. Our faces include realistic human, animal, artistic, and anime faces that preserve inherent distances between data points of the input domain. Our approach is evaluated through a human study, where untrained respondents with minimal training successfully flag machine misclassifications. The untrained human does not replace the machine or skilled analyst, instead, utilized in a triage setting, to identify samples without historical precedence, deferring the decision to the skilled analyst for deeper inspection.

AB - Software binary analysis, tools and machine learning aid security analysts in interpreting data, by automated means that filter, prioritize, and arrange pertinent information for skilled analysts. In this work, we revisit cooperative human-machine teams and evaluate the possibility of enabling untrained humans to assist machines and skilled analysts in their analysis of software binaries. Specifically, we propose a pipeline to transform a complex input domain into facial images on which untrained individuals make similarity decisions. Our faces include realistic human, animal, artistic, and anime faces that preserve inherent distances between data points of the input domain. Our approach is evaluated through a human study, where untrained respondents with minimal training successfully flag machine misclassifications. The untrained human does not replace the machine or skilled analyst, instead, utilized in a triage setting, to identify samples without historical precedence, deferring the decision to the skilled analyst for deeper inspection.

KW - Malware

KW - Binaries

KW - Data Visualization

KW - Human

KW - Faces

KW - Rapid

KW - Triage

UR - https://www.scopus.com/pages/publications/105005932994

U2 - 10.1007/978-3-031-92882-6_5

DO - 10.1007/978-3-031-92882-6_5

M3 - Conference proceeding contribution

SN - 9783031928819

SN - 9783031928840

T3 - IFIP Advances in Information and Communication Technology

SP - 61

EP - 75

BT - ICT Systems Security and Privacy Protection

A2 - Nemec Zlatolas, Lili

A2 - Rannenberg, Kai

A2 - Welzer, Tatjana

A2 - Garcia-Alfaro, Joaquin

PB - Springer, Springer Nature

CY - Cham, Switzerland

T2 - 40th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2025

Y2 - 20 May 2025 through 23 May 2025

ER -

Zhao BZH, Asghar HJ , Ikram M , Kaafar MA, Lamont S, Coscia D. Facing the challenge of leveraging untrained humans in malware analysis. In Nemec Zlatolas L, Rannenberg K, Welzer T, Garcia-Alfaro J, editors, ICT Systems Security and Privacy Protection: 40th IFIP International Conference, SEC 2025, Maribor, Slovenia, May 21-23, 2025, proceedings, part I. Cham, Switzerland: Springer, Springer Nature. 2025. p. 61-75. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-031-92882-6_5