Going Proactive and Explanatory Against Malware Concept Drift
CoRR (2024)
Abstract
Deep learning-based malware classifiers face significant challenges due to
concept drift. The rapid evolution of malware, especially with new families,
can depress classification accuracy to near-random levels. Previous research
has primarily focused on detecting drift samples, relying on expert-led
analysis and labeling for model retraining. However, these methods often lack a
comprehensive understanding of malware concepts and provide limited guidance
for effective drift adaptation, leading to unstable detection performance and
high human labeling costs.
To address these limitations, we introduce DREAM, a novel system designed to
surpass the capabilities of existing drift detectors and to establish an
explanatory drift adaptation process. DREAM enhances drift detection through
model sensitivity and data autonomy. The detector, trained with a semi-supervised
approach, proactively captures malware behavior concepts through classifier
feedback. During testing, it utilizes samples generated by the detector itself,
eliminating reliance on extensive training data. For drift adaptation, DREAM
broadens human intervention, enabling revisions of malware labels and concept
explanations embedded within the detector's latent space. To ensure a
comprehensive response to concept drift, it facilitates a coordinated update
process for both the classifier and the detector. Our evaluation shows that
DREAM can effectively improve the drift detection accuracy and reduce the
expert analysis effort in adaptation across different malware datasets and
classifiers.