UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Transcend: Detecting Concept Drift in Malware Classification Models

Jordaney, R; Sharad, K; Dash, SK; Wang, Z; Papini, D; Nouretdinov, I; Cavallaro, L; (2017) Transcend: Detecting Concept Drift in Malware Classification Models. In: Proceedings of the 26th USENIX Security Symposium. (pp. pp. 625-642). USENIX Association: Vancouver, Canada. Green open access

sec17-jordaney.pdf - Published version

Download (1MB) | Preview


Building machine learning models of malware behavior is widely accepted as a panacea towards effective malware classification. A crucial requirement for building sustainable learning models, though, is to train on a wide variety of malware samples. Unfortunately, malware evolves rapidly and it thus becomes hard—if not impossible—to generalize learning models to reflect future, previously-unseen behaviors. Consequently, most malware classifiers become unsustainable in the long run, becoming rapidly antiquated as malware continues to evolve. In this work, we propose Transcend, a framework to identify aging classification models in vivo during deployment, much before the machine learning model’s performance starts to degrade. This is a significant departure from conventional approaches that retrain aging models retrospectively when poor performance is observed. Our approach uses a statistical comparison of samples seen during deployment with those used to train the model, thereby building metrics for prediction quality. We show how Transcend can be used to identify concept drift based on two separate case studies on Android andWindows malware, raising a red flag before the model starts making consistently poor decisions due to out-of-date training.

Type: Proceedings paper
Title: Transcend: Detecting Concept Drift in Malware Classification Models
Event: 26th USENIX Security Symposium
Location: Vancouver, CANADA
Dates: 16 August 2017 - 18 August 2017
ISBN-13: 978-1-931971-40-9
Open access status: An open access version is available from UCL Discovery
Publisher version: https://www.usenix.org/conference/usenixsecurity17...
Language: English
Additional information: This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Science & Technology, Technology, Computer Science, Software Engineering, Computer Science, Theory & Methods, Computer Science
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
URI: https://discovery.ucl.ac.uk/id/eprint/10047303
Downloads since deposit
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item