Addressing malware family concept drift with triplet autoencoder

• URL: http://arxiv.org/abs/2507.00348v1
• Date: Tue, 01 Jul 2025 00:55:00 GMT
• Title: Addressing malware family concept drift with triplet autoencoder
• Authors: Numan Halit Guldemir, Oluwafemi Olukoya, Jesús Martínez-del-Rincón,
• Abstract summary: Concept drift can occur in two forms: the emergence of entirely new malware families and the evolution of existing ones.<n>This paper proposes an innovative method to address the former, focusing on effectively identifying new malware families.<n>Our results demonstrate a significant improvement in detecting new malware families, offering a reliable solution for ongoing cybersecurity challenges.
• Score: 2.416907802598482
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Machine learning is increasingly vital in cybersecurity, especially in malware detection. However, concept drift, where the characteristics of malware change over time, poses a challenge for maintaining the efficacy of these detection systems. Concept drift can occur in two forms: the emergence of entirely new malware families and the evolution of existing ones. This paper proposes an innovative method to address the former, focusing on effectively identifying new malware families. Our approach leverages a supervised autoencoder combined with triplet loss to differentiate between known and new malware families. We create clear and robust clusters that enhance the accuracy and resilience of malware family classification by utilizing this metric learning technique and the Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithm. The effectiveness of our method is validated using an Android malware dataset and a Windows portable executable (PE) malware dataset, showcasing its capability to sustain model performance within the dynamic landscape of emerging malware threats. Our results demonstrate a significant improvement in detecting new malware families, offering a reliable solution for ongoing cybersecurity challenges.

Related papers

• VOLTRON: Detecting Unknown Malware Using Graph-Based Zero-Shot Learning [0.0]
  The persistent threat of Android malware presents a serious challenge to the security of millions of users globally.<n>We introduce a novel zero-shot learning framework that combines Variational Graph Auto-Encoders (VGAE) with Siamese Neural Networks (SNN) to identify malware without needing prior examples of specific malware families.<n>Our model achieves 96.24% accuracy and 95.20% recall for unknown malware families, highlighting its robustness against evolving Android threats.
  arXiv  Detail & Related papers  (2025-07-06T07:25:25Z)
• Predicting Vulnerability to Malware Using Machine Learning Models: A Study on Microsoft Windows Machines [0.0]
  This study addresses the need for effective malware detection strategies by leveraging Machine Learning (ML) techniques.<n>Our research aims to develop an advanced ML model that accurately predicts malware vulnerabilities based on the specific conditions of individual machines.
  arXiv  Detail & Related papers  (2025-01-05T10:04:58Z)
• A Novel Approach to Malicious Code Detection Using CNN-BiLSTM and Feature Fusion [2.3039261241391586]
  This study employs the minhash algorithm to convert binary files of malware into grayscale images. The study utilizes IDA Pro to decompile and extract opcode sequences, applying N-gram and tf-idf algorithms for feature vectorization. A CNN-BiLSTM fusion model is designed to simultaneously process image features and opcode sequences, enhancing classification performance.
  arXiv  Detail & Related papers  (2024-10-12T07:10:44Z)
• MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2024-09-29T07:22:47Z)
• A Wolf in Sheep's Clothing: Practical Black-box Adversarial Attacks for Evading Learning-based Windows Malware Detection in the Wild [39.28931186940845]
  MalGuise is a black-box adversarial attack framework that evaluates the security risks of existing learning-based Windows malware detection systems. MalGuise achieves a remarkably high attack success rate, mostly exceeding 95%, with over 91% of the generated adversarial malware files maintaining the same semantics.
  arXiv  Detail & Related papers  (2024-07-03T08:01:19Z)
• Catch'em all: Classification of Rare, Prominent, and Novel Malware Families [3.147175286021779]
  Malware remains one of the most dangerous and costly cyber threats. As of last year, researchers reported 1.3 billion known malware specimens. These challenges include detection of novel malware and the ability to perform malware classification in the face of class imbalance.
  arXiv  Detail & Related papers  (2024-03-04T23:46:19Z)
• Discovering Malicious Signatures in Software from Structural Interactions [7.06449725392051]
  We propose a novel malware detection approach that leverages deep learning, mathematical techniques, and network science. Our approach focuses on static and dynamic analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile applications within a complex network. Our approach marks a substantial improvement in malware detection, providing a notably more accurate and efficient solution.
  arXiv  Detail & Related papers  (2023-12-19T23:42:20Z)
• A survey on hardware-based malware detection approaches [45.24207460381396]
  Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess. We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours. The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
  arXiv  Detail & Related papers  (2023-03-22T13:00:41Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art [44.975088044180374]
  This paper focuses on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware. We first outline the general learning framework of Windows PE malware detection based on ML/DL. We then highlight three unique challenges of performing adversarial attacks in the context of PE malware.
  arXiv  Detail & Related papers  (2021-12-23T02:12:43Z)
• Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
  We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier. As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger. We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
  arXiv  Detail & Related papers  (2020-10-30T15:27:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.