MORPH: Towards Automated Concept Drift Adaptation for Malware Detection
This addresses the problem of performance degradation in malware detection models over time for security applications, representing an incremental advancement.
The paper tackles concept drift in malware detection by proposing MORPH, a pseudo-label-based adaptation method for neural networks, which reduces annotation efforts and significantly improves over existing works in automated adaptation.
Concept drift is a significant challenge for malware detection, as the performance of trained machine learning models degrades over time, rendering them impractical. While prior research in malware concept drift adaptation has primarily focused on active learning, which involves selecting representative samples to update the model, self-training has emerged as a promising approach to mitigate concept drift. Self-training involves retraining the model using pseudo labels to adapt to shifting data distributions. In this research, we propose MORPH -- an effective pseudo-label-based concept drift adaptation method specifically designed for neural networks. Through extensive experimental analysis of Android and Windows malware datasets, we demonstrate the efficacy of our approach in mitigating the impact of concept drift. Our method offers the advantage of reducing annotation efforts when combined with active learning. Furthermore, our method significantly improves over existing works in automated concept drift adaptation for malware detection.