{"id":"https://openalex.org/W4416791839","doi":"https://doi.org/10.1007/s44196-025-01011-2","title":"Game-Theoretic Explainable AI for Ensemble-Boosting Models in Early Malware Prediction for Computer Systems","display_name":"Game-Theoretic Explainable AI for Ensemble-Boosting Models in Early Malware Prediction for Computer Systems","publication_year":2025,"publication_date":"2025-11-28","ids":{"openalex":"https://openalex.org/W4416791839","doi":"https://doi.org/10.1007/s44196-025-01011-2"},"language":"en","primary_location":{"id":"doi:10.1007/s44196-025-01011-2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s44196-025-01011-2","pdf_url":null,"source":{"id":"https://openalex.org/S190680769","display_name":"International Journal of Computational Intelligence Systems","issn_l":"1875-6883","issn":["1875-6883","1875-6891"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Computational Intelligence Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1007/s44196-025-01011-2","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074554127","display_name":"Shagufta Henna","orcid":"https://orcid.org/0000-0002-8753-5467"},"institutions":[{"id":"https://openalex.org/I4387152698","display_name":"Atlantic Technological University","ror":"https://ror.org/0458dap48","country_code":null,"type":"education","lineage":["https://openalex.org/I4387152698"]}],"countries":["IE"],"is_corresponding":true,"raw_author_name":"Shagufta Henna","raw_affiliation_strings":["Department of Computing, Atlantic Technological University, Donegal, Ireland"],"affiliations":[{"raw_affiliation_string":"Department of Computing, Atlantic Technological University, Donegal, Ireland","institution_ids":["https://openalex.org/I4387152698"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045253409","display_name":"Mallikharjuna Rao Sakhamuri","orcid":"https://orcid.org/0000-0001-6033-9530"},"institutions":[{"id":"https://openalex.org/I4387152698","display_name":"Atlantic Technological University","ror":"https://ror.org/0458dap48","country_code":null,"type":"education","lineage":["https://openalex.org/I4387152698"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Mallikharjuna Rao Sakhamuri","raw_affiliation_strings":["Department of Computing, Atlantic Technological University, Donegal, Ireland"],"affiliations":[{"raw_affiliation_string":"Department of Computing, Atlantic Technological University, Donegal, Ireland","institution_ids":["https://openalex.org/I4387152698"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120525467","display_name":"Lakshya Gourav Moitra","orcid":null},"institutions":[{"id":"https://openalex.org/I4387152698","display_name":"Atlantic Technological University","ror":"https://ror.org/0458dap48","country_code":null,"type":"education","lineage":["https://openalex.org/I4387152698"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Lakshya Gourav Moitra","raw_affiliation_strings":["Department of Computing, Atlantic Technological University, Donegal, Ireland"],"affiliations":[{"raw_affiliation_string":"Department of Computing, Atlantic Technological University, Donegal, Ireland","institution_ids":["https://openalex.org/I4387152698"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065987103","display_name":"Upaka Rathnayake","orcid":"https://orcid.org/0000-0002-7341-9078"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Upaka Rathnayake","raw_affiliation_strings":["Department of Engineering, Atlantic Technological University, Sligo, Ireland"],"affiliations":[{"raw_affiliation_string":"Department of Engineering, Atlantic Technological University, Sligo, Ireland","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5074554127"],"corresponding_institution_ids":["https://openalex.org/I4387152698"],"apc_list":{"value":1390,"currency":"GBP","value_usd":1704},"apc_paid":{"value":1390,"currency":"GBP","value_usd":1704},"fwci":1.3942,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.86519218,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"18","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.47540000081062317,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.47540000081062317,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.14020000398159027,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.13420000672340393,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8003000020980835},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6471999883651733},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5597000122070312},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.4821000099182129},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.47029998898506165},{"id":"https://openalex.org/keywords/intrusion-tolerance","display_name":"Intrusion tolerance","score":0.373199999332428}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.883899986743927},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8003000020980835},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6471999883651733},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5597000122070312},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.4821000099182129},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.47029998898506165},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4092000126838684},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3806999921798706},{"id":"https://openalex.org/C196903269","wikidata":"https://www.wikidata.org/wiki/Q6059063","display_name":"Intrusion tolerance","level":3,"score":0.373199999332428},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3605000078678131},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.35089999437332153},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.34630000591278076},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.304500013589859},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.3037000000476837},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.27149999141693115},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2533999979496002}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s44196-025-01011-2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s44196-025-01011-2","pdf_url":null,"source":{"id":"https://openalex.org/S190680769","display_name":"International Journal of Computational Intelligence Systems","issn_l":"1875-6883","issn":["1875-6883","1875-6891"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Computational Intelligence Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:8745a7afdd5a40cf9a0e3bbfcdc9be0e","is_oa":true,"landing_page_url":"https://doaj.org/article/8745a7afdd5a40cf9a0e3bbfcdc9be0e","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"International Journal of Computational Intelligence Systems, Vol 18, Iss 1, Pp 1-38 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1007/s44196-025-01011-2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s44196-025-01011-2","pdf_url":null,"source":{"id":"https://openalex.org/S190680769","display_name":"International Journal of Computational Intelligence Systems","issn_l":"1875-6883","issn":["1875-6883","1875-6891"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Computational Intelligence Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W2788403449","https://openalex.org/W2911964244","https://openalex.org/W2980600608","https://openalex.org/W2983140679","https://openalex.org/W2986166181","https://openalex.org/W2999615587","https://openalex.org/W3023529621","https://openalex.org/W3089959426","https://openalex.org/W4200090997","https://openalex.org/W4206060479","https://openalex.org/W4210345192","https://openalex.org/W4225985424","https://openalex.org/W4362703128","https://openalex.org/W4386448731","https://openalex.org/W4388523068","https://openalex.org/W4389311079","https://openalex.org/W4389513437","https://openalex.org/W4390603899","https://openalex.org/W4390643523","https://openalex.org/W4391400132","https://openalex.org/W4391487214","https://openalex.org/W4392133781","https://openalex.org/W4393851134","https://openalex.org/W4393992045","https://openalex.org/W4399620348"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Malware":[1],"continues":[2],"to":[3,8,65,194],"pose":[4],"a":[5,59,129,256],"critical":[6],"threat":[7,197],"computing":[9],"systems,":[10],"with":[11],"modern":[12],"techniques":[13],"often":[14],"bypassing":[15],"traditional":[16],"signature-based":[17],"defenses.":[18],"Ensemble-boosting":[19],"classifiers,":[20],"including":[21,212],"GBC,":[22],"XGBoost,":[23],"AdaBoost,":[24],"LightGBM,":[25],"and":[26,43,75,82,94,103,117,173,216,236,243,248,259,270],"CatBoost,":[27],"have":[28],"shown":[29],"strong":[30],"predictive":[31],"performance":[32],"for":[33,50,90,99,105,262],"malware":[34,81,156,268],"detection,":[35],"yet":[36],"their":[37],"\u201cblack-box\u201d":[38],"nature":[39],"limits":[40],"transparency,":[41,74],"interpretability,":[42,72,245],"trust,":[44],"all":[45],"of":[46,77,142,170],"which":[47],"are":[48],"essential":[49],"deployment":[51],"in":[52,80,266],"high-stakes":[53],"cybersecurity":[54,204],"environments.":[55],"This":[56],"paper":[57],"proposes":[58],"unified":[60,149,252],"explainable":[61],"AI":[62],"(XAI)":[63],"framework":[64,87,127,183,224,254],"address":[66],"these":[67],"challenges":[68],"by":[69],"improving":[70],"the":[71,126,148,167,182,185,222],"fairness,":[73],"efficiency":[76],"ensemble-boosting":[78,264],"models":[79,265],"intrusion":[83,187,271],"detection":[84,157,188,269],"tasks.":[85],"The":[86],"integrates":[88],"SHAP":[89],"global":[91,242],"feature":[92,163],"importance":[93],"complex":[95,162],"interaction":[96],"analysis;":[97],"LIME":[98],"local,":[100],"instance-level":[101],"explanations;":[102],"DALEX":[104],"fairness":[106,234,246],"auditing":[107],"across":[108,119,202],"sensitive":[109],"attributes,":[110],"ensuring":[111],"that":[112,147,221],"predictions":[113],"remain":[114],"both":[115],"equitable":[116],"meaningful":[118],"diverse":[120],"user":[121],"populations.":[122],"We":[123],"rigorously":[124],"evaluate":[125],"on":[128,184],"large-scale,":[130],"balanced":[131],"dataset":[132],"derived":[133],"from":[134],"Microsoft":[135],"Windows":[136],"Defender":[137],"telemetry,":[138],"covering":[139],"various":[140],"types":[141],"malware.":[143],"Experimental":[144],"results":[145],"demonstrate":[146],"XAI":[150,210,253],"approach":[151],"not":[152],"only":[153],"achieves":[154,232],"high":[155],"accuracy":[158],"but":[159],"also":[160],"uncovers":[161],"interactions,":[164],"such":[165],"as":[166],"combined":[168],"effects":[169],"system":[171],"configuration":[172],"security":[174],"states.":[175],"To":[176],"establish":[177],"generalization,":[178],"we":[179],"further":[180],"validate":[181],"CICIDS-2017":[186],"dataset,":[189],"where":[190],"it":[191],"successfully":[192],"adapts":[193],"different":[195],"network":[196],"patterns,":[198],"highlighting":[199],"its":[200],"robustness":[201],"distinct":[203],"domains.":[205],"Comparative":[206],"experiments":[207],"against":[208],"state-of-the-art":[209],"tools,":[211],"AnchorTabular":[213],"(rule-based":[214],"explanations)":[215],"Fairlearn":[217],"(fairness-focused":[218],"analysis),":[219],"reveal":[220],"proposed":[223],"consistently":[225],"delivers":[226],"deeper":[227],"insights":[228],"into":[229],"model":[230],"behavior,":[231],"better":[233],"metrics,":[235],"reduces":[237],"explanation":[238],"overhead.":[239],"By":[240],"combining":[241],"local":[244],"assurance,":[247],"computational":[249],"optimizations,":[250],"this":[251],"offers":[255],"scalable,":[257],"human-understandable,":[258],"trustworthy":[260],"solution":[261],"deploying":[263],"real-world":[267],"prevention":[272],"systems.":[273]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-11-28T00:00:00"}