
Drift Forensics of Malware Classifiers

Chow, Theo; Kan, Zeliang; Linhardt, Lorenz; Cavallaro, Lorenzo; Arp, Daniel; Pierazzi, Fabio; (2023) Drift Forensics of Malware Classifiers. In: Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security (pp. 197-207). ACM: Copenhagen, Denmark. Green open access.

Drift Forensics of Malware Classifiers.pdf - Accepted Version

Abstract

The widespread occurrence of mobile malware still poses a significant security threat to billions of smartphone users. To counter this threat, several machine learning-based detection systems have been proposed within the last decade. These methods have achieved impressive detection results in many settings, without requiring the manual crafting of signatures. Unfortunately, recent research has demonstrated that these systems often suffer from significant performance drops over time if the underlying distribution changes—a phenomenon referred to as concept drift. So far, however, it is still an open question which main factors cause the drift in the data and, in turn, the drop in performance of current detection systems. To address this question, we present a framework for the in-depth analysis of datasets affected by concept drift. The framework allows gaining a better understanding of the root causes of concept drift, a fundamental stepping stone for building robust detection methods. To examine the effectiveness of our framework, we use it to analyze a commonly used dataset for Android malware detection as a first case study. Our analysis yields two key insights into the drift that affects several state-of-the-art methods. First, we find that most of the performance drop can be explained by the rise of two malware families in the dataset. Second, we can determine how the evolution of certain malware families and even goodware samples affects the classifier's performance. Our findings provide a novel perspective on previous evaluations conducted using this dataset and, at the same time, show the potential of the proposed framework to obtain a better understanding of concept drift in mobile malware and related settings.

Type: Proceedings paper
Title: Drift Forensics of Malware Classifiers
Event: CCS '23: ACM SIGSAC Conference on Computer and Communications Security
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3605764.3623918
Publisher version: https://doi.org/10.1145/3605764.3623918
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10182372