Demystify AI Security Products With a Universal Pluggable XAI Translator

Conference: BlackHat USA 2021



The presentation discusses the use of XAI to explain security products and bridge the gap between academic research and industrial demand.
  • XAI is used to explain security products to provide more insight into detection results and help improve production.
  • XAI can be used by customers to evaluate security products and make purchasing decisions.
  • XAI can also be used by attackers to launch certain types of attacks against commercial security products.
  • The presentation aims to help the audience understand XAI and use it to evaluate security products in their daily job.
  • There is a gap between academic research and industrial demand for XAI in security products.
  • The presentation hopes to inspire researchers to fill this gap in future work.
The presentation provides an example of using XAI to generate adversarial examples and leak information from a hyper-secure product. An intrusion protection system (IPS) was used to illustrate that the model did not learn the actual SQL injection pattern. By modifying a benign pattern, the team was able to generate adversarial examples that could pass the IPS detection. Additionally, the team modified a security product to include heuristic rules and found that the alarm tools could accurately identify the SQL injection pattern with high confidence. This illustrates the potential for attackers to learn the rules from the security product, which amounts to information leakage.
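The kind of check an evaluator can run to see whether a detector's score rests on the injection syntax or on something incidental, shown here as an added example that is not code from the presentation. The detector, its weights, the sample request and the analyst's token labels are all constructed, and occlusion (remove a token, re-score) is an attribution method chosen for this sketch; the page does not say which methods the translator plugs in.

```python
import re

# Constructed stand-in for a black-box detector (not any vendor's model).
# The weights are invented and deliberately over-weight "password", a word
# that is not part of the injection syntax itself.
WEIGHTS = {"'": 0.10, "union": 0.15, "select": 0.10, "password": 0.55}

SAMPLE = "id=1' union select password from users"   # constructed request
EXPECTED = {"'", "union", "select"}                  # analyst-labelled injection tokens

def tokenize(text):
    """Split a request into lowercase words, numbers and single symbols."""
    return re.findall(r"[a-z_]+|\d+|\S", text.lower())

def score(tokens):
    """Detector confidence in [0, 1] from the distinct tokens present."""
    return min(1.0, sum(WEIGHTS.get(t, 0.0) for t in set(tokens)))

def occlusion_attribution(text, score_fn=score):
    """Attribute the score to each distinct token by removing it and re-scoring."""
    tokens = tokenize(text)
    base = score_fn(tokens)
    drops = []
    for tok in dict.fromkeys(tokens):            # distinct tokens, original order
        masked = [t for t in tokens if t != tok]
        drops.append((tok, round(base - score_fn(masked), 4)))
    drops.sort(key=lambda pair: pair[1], reverse=True)
    return base, drops

def pattern_share(drops, expected):
    """Fraction of positive attribution that lands on the expected tokens."""
    total = sum(d for _, d in drops if d > 0)
    on_pattern = sum(d for t, d in drops if d > 0 and t in expected)
    return round(on_pattern / total, 4) if total else 0.0

if __name__ == "__main__":
    base, drops = occlusion_attribution(SAMPLE)
    print(f"score={base:.2f}")
    for tok, d in drops:
        print(f"  {tok!r:12} {d:+.2f}")
    print("share on injection tokens:", pattern_share(drops, EXPECTED))
```

A low share on the labelled tokens, with the top attribution landing on an incidental word, is the signal that the model has not learned the pattern it is sold as detecting.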


In the past few years, we have witnessed a dramatic rise in platforms and apps based on machine learning and artificial intelligence. Inevitably, nearly every security product claims to be powered by deep learning technology and to achieve an incredible detection rate. Confused by the various fancy terms advertised by security companies, customers face the dilemma of how to determine the quality of these products and how to choose a suitable one. Previous studies have proposed various ways to evaluate many kinds of ML-based security products (e.g., malware detection, cloud-based, endpoint AV). Our presentation intends to bridge the research‐to‐practice gap by sharing our experience evaluating real-world vendors' products.