Chen, Z; Zhang, Z; Kan, Z; Yang, L; Cortellazzi, J; Pendlebury, F; Pierazzi, F; ... Wang, G; + view all Chen, Z; Zhang, Z; Kan, Z; Yang, L; Cortellazzi, J; Pendlebury, F; Pierazzi, F; Cavallaro, L; Wang, G; - view fewer (2023) Is It Overkill? Analyzing Feature-Space Concept Drift in Malware Detectors. In: Proceedings of the IEEE Security and Privacy Workshops (SPW) 2023. (pp. pp. 21-28). Institute of Electrical and Electronics Engineers (IEEE)

Preview

Text feature-drift.pdf - Accepted Version Download (777kB) | Preview

Abstract

Concept drift is a major challenge faced by machine learning-based malware detectors when deployed in practice. While existing works have investigated methods to detect concept drift, it is not yet well understood regarding the main causes behind the drift. In this paper, we design experiments to empirically analyze the impact of feature-space drift (new features introduced by new samples) and compare it with data-space drift (data distribution shift over existing features). Surprisingly, we find that data-space drift is the dominating contributor to the model degradation over time while feature-space drift has little to no impact. This is consistently observed over both Android and PE malware detectors, with different feature types and feature engineering methods, across different settings. We further validate this observation with recent online learning based malware detectors that incrementally update the feature space. Our result indicates the possibility of handling concept drift without frequent feature updating, and we further discuss the open questions for future research.

Download activity - last month

Export as CSVXMLJSON

Download activity - last 12 months

Export as JSONXMLCSV

Downloads by country - last 12 months

Export as XMLJSONCSV

Archive Staff Only

View Item