MADCAT: Combating Malware Detection Under Concept Drift with Test-Time Adaptation
Eunjin Roh, Yigitcan Kaya, Christopher Kruegel, Giovanni Vigna, Sanghyun Hong

TL;DR
MADCAT is a self-supervised test-time adaptation method that improves malware detection accuracy under concept drift by dynamically learning from new data during testing.
Contribution
MADCAT introduces a novel self-supervised, test-time training approach with an encoder-decoder architecture for malware detection under concept drift.
Findings
MADCAT outperforms baseline methods in malware detection accuracy.
MADCAT effectively adapts to concept drift in continuous Android malware detection.
MADCAT synergizes with prior methods to enhance detection performance.
Abstract
We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. During test-time training, the model learns features that are useful for detecting both previously seen (old) data and newly arriving samples. We demonstrate the effectiveness of MADCAT in continuous Android malware detection settings. MADCAT consistently outperforms baseline methods in detection performance at test time. We also show the synergy between MADCAT and prior approaches in addressing concept drift in malware detection.
Taxonomy
Topics: Data Stream Mining Techniques · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
