Jordaney, R; Sharad, K; Dash, SK; Wang, Z; Papini, D; Nouretdinov, I; Cavallaro, L; (2017) Transcend: Detecting Concept Drift in Malware Classification Models. In: Proceedings of the 26th USENIX Security Symposium. (pp. 625-642). USENIX Association: Vancouver, Canada.
Text: sec17-jordaney.pdf - Published Version (1MB)
Abstract
Building machine learning models of malware behavior is widely accepted as a panacea towards effective malware classification. A crucial requirement for building sustainable learning models, though, is to train on a wide variety of malware samples. Unfortunately, malware evolves rapidly and it thus becomes hard—if not impossible—to generalize learning models to reflect future, previously-unseen behaviors. Consequently, most malware classifiers become unsustainable in the long run, becoming rapidly antiquated as malware continues to evolve. In this work, we propose Transcend, a framework to identify aging classification models in vivo during deployment, much before the machine learning model’s performance starts to degrade. This is a significant departure from conventional approaches that retrain aging models retrospectively when poor performance is observed. Our approach uses a statistical comparison of samples seen during deployment with those used to train the model, thereby building metrics for prediction quality. We show how Transcend can be used to identify concept drift based on two separate case studies on Android and Windows malware, raising a red flag before the model starts making consistently poor decisions due to out-of-date training.
Type: | Proceedings paper |
---|---|
Title: | Transcend: Detecting Concept Drift in Malware Classification Models |
Event: | 26th USENIX Security Symposium |
Location: | Vancouver, CANADA |
Dates: | 16 August 2017 - 18 August 2017 |
ISBN-13: | 978-1-931971-40-9 |
Open access status: | An open access version is available from UCL Discovery |
Publisher version: | https://www.usenix.org/conference/usenixsecurity17... |
Language: | English |
Additional information: | This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions. |
Keywords: | Science & Technology, Technology, Computer Science, Software Engineering, Computer Science, Theory & Methods, Computer Science |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10047303 |