Transcend: Detecting Concept Drift in Malware Classification Models
- Submitting institution
-
The University of Surrey
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 9026519_1
- Type
- E - Conference contribution
- DOI
-
-
- Title of conference / published proceedings
- 26th USENIX Security Symposium
- First page
- 625
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- -
- Year of publication
- 2017
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
-
- Research group(s)
-
-
- Citation count
- 42
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Performance of malware classification systems degrade over time because they are trained on out-of-date samples while trying to classify newer samples. A mitigation strategy is to use probability of classification into malware families as a measure to understand the level of confidence in the classification process. We showed, for the first time, such probability scores were misleading. This work has led to a patent application with the European patent office. The demonstration of temporal degradation is now recognised as a bias that must be addressed in malware classification (e.g. https://www.usenix.org/conference/usenixsecurity19/presentation/pendlebury).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -