Towards Online Malware Detection using Process Resource Utilization Metrics

• URL: http://arxiv.org/abs/2601.10164v1
• Date: Thu, 15 Jan 2026 08:05:47 GMT
• Title: Towards Online Malware Detection using Process Resource Utilization Metrics
• Authors: Themistoklis Diamantopoulos, Dimosthenis Natsos, Andreas L. Symeonidis,
• Abstract summary: This paper proposes an online learning approach for dynamic malware detection.<n>It incorporates temporal information to continuously update its models using behavioral features.<n>We find it effective in detecting zero-day malware.
• Score: 0.3823356975862005
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The rapid growth of Cloud Computing and Internet of Things (IoT) has significantly increased the interconnection of computational resources, creating an environment where malicious software (malware) can spread rapidly. To address this challenge, researchers are increasingly utilizing Machine Learning approaches to identify malware through behavioral (i.e. dynamic) cues. However, current approaches are limited by their reliance on large labeled datasets, fixed model training, and the assumption that a trained model remains effective over time-disregarding the ever-evolving sophistication of malware. As a result, they often fail to detect evolving malware attacks that adapt over time. This paper proposes an online learning approach for dynamic malware detection, that overcomes these limitations by incorporating temporal information to continuously update its models using behavioral features, specifically process resource utilization metrics. By doing so, the proposed models can incrementally adapt to emerging threats and detect zero-day malware effectively. Upon evaluating our approach against traditional batch algorithms, we find it effective in detecting zero-day malware. Moreover, we demonstrate its efficacy in scenarios with limited data availability, where traditional batch-based approaches often struggle to perform reliably.

Related papers

• Learning-Augmented Moment Estimation on Time-Decay Models [55.06256430461023]
  We use an oracle for the heavy-hitters of datasets to give learning-augmented algorithms for a number of fundamental problems.<n>We complement our theoretical results with a number of empirical evaluations that demonstrate the practical efficiency of our algorithms on real and synthetic datasets.
  arXiv  Detail & Related papers  (2026-03-03T00:42:34Z)
• ADAPT: A Pseudo-labeling Approach to Combat Concept Drift in Malware Detection [0.8192907805418583]
  Adapting machine learning models to changing data distributions requires frequent updates.<n>We introduce texttADAPT, a novel pseudo-labeling semi-supervised algorithm for addressing concept drift.
  arXiv  Detail & Related papers  (2025-07-11T13:47:07Z)
• Addressing malware family concept drift with triplet autoencoder [2.416907802598482]
  Concept drift can occur in two forms: the emergence of entirely new malware families and the evolution of existing ones.<n>This paper proposes an innovative method to address the former, focusing on effectively identifying new malware families.<n>Our results demonstrate a significant improvement in detecting new malware families, offering a reliable solution for ongoing cybersecurity challenges.
  arXiv  Detail & Related papers  (2025-07-01T00:55:00Z)
• A Sysmon Incremental Learning System for Ransomware Analysis and Detection [1.495391051525033]
  In the face of increasing cyber threats, particularly ransomware attacks, there is a pressing need for advanced detection and analysis systems.<n>Most of these proposals leverage non-incremental learning approaches that require the underlying models to be updated from scratch to detect new ransomware.<n>This approach is problematic because it leaves sensitive data vulnerable to attack during retraining, as newly emerging ransomware strains may go undetected until the model is updated.<n>We present the Sysmon Incremental Learning System for Analysis and Detection (SILRAD), which enables continuous updates to the underlying model and effectively closes the training gap.
  arXiv  Detail & Related papers  (2025-01-02T06:22:58Z)
• Learn while Unlearn: An Iterative Unlearning Framework for Generative Language Models [52.40798352740857]
  We introduce the Iterative Contrastive Unlearning (ICU) framework, which consists of three core components.<n>A Knowledge Unlearning Induction module targets specific knowledge for removal using an unlearning loss.<n>A Contrastive Learning Enhancement module preserves the model's expressive capabilities against the pure unlearning goal.<n>An Iterative Unlearning Refinement module dynamically adjusts the unlearning process through ongoing evaluation and updates.
  arXiv  Detail & Related papers  (2024-07-25T07:09:35Z)
• Revisiting Concept Drift in Windows Malware Detection: Adaptation to Real Drifted Malware with Minimal Samples [10.352741619176383]
  We propose a new technique for detecting and classifying drifted malware.<n>It learns drift-invariant features in malware control flow graphs by leveraging graph neural networks with adversarial domain adaptation.<n>Our approach significantly improves drifted malware detection on publicly available benchmarks and real-world malware databases reported daily by security companies.
  arXiv  Detail & Related papers  (2024-07-18T22:06:20Z)
• Discovering Malicious Signatures in Software from Structural Interactions [7.06449725392051]
  We propose a novel malware detection approach that leverages deep learning, mathematical techniques, and network science. Our approach focuses on static and dynamic analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile applications within a complex network. Our approach marks a substantial improvement in malware detection, providing a notably more accurate and efficient solution.
  arXiv  Detail & Related papers  (2023-12-19T23:42:20Z)
• Age-Based Scheduling for Mobile Edge Computing: A Deep Reinforcement Learning Approach [58.911515417156174]
  We propose a new definition of Age of Information (AoI) and, based on the redefined AoI, we formulate an online AoI problem for MEC systems. We introduce Post-Decision States (PDSs) to exploit the partial knowledge of the system's dynamics. We also combine PDSs with deep RL to further improve the algorithm's applicability, scalability, and robustness.
  arXiv  Detail & Related papers  (2023-12-01T01:30:49Z)
• Safe AI for health and beyond -- Monitoring to transform a health service [51.8524501805308]
  We will assess the infrastructure required to monitor the outputs of a machine learning algorithm. We will present two scenarios with examples of monitoring and updates of models.
  arXiv  Detail & Related papers  (2023-03-02T17:27:45Z)
• Automated Machine Learning Techniques for Data Streams [91.3755431537592]
  This paper surveys the state-of-the-art open-source AutoML tools, applies them to data collected from streams, and measures how their performance changes over time. The results show that off-the-shelf AutoML tools can provide satisfactory results but in the presence of concept drift, detection or adaptation techniques have to be applied to maintain the predictive accuracy over time.
  arXiv  Detail & Related papers  (2021-06-14T11:42:46Z)
• Adversarial vs behavioural-based defensive AI with joint, continual and active learning: automated evaluation of robustness to deception, poisoning and concept drift [62.997667081978825]
  Recent advancements in Artificial Intelligence (AI) have brought new capabilities to behavioural analysis (UEBA) for cyber-security. In this paper, we present a solution to effectively mitigate this attack by improving the detection process and efficiently leveraging human expertise.
  arXiv  Detail & Related papers  (2020-01-13T13:54:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.