MADCAT: Combating Malware Detection Under Concept Drift with Test-Time Adaptation
This addresses the problem of concept drift for malware detection systems, particularly in Android, with incremental improvements over prior approaches.
The paper tackles concept drift in malware detection by proposing MADCAT, a self-supervised test-time adaptation method that improves detection performance for both old and new data, consistently outperforming baselines in continuous Android malware detection settings.
We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. During test-time training, the model learns features that are useful for detecting both previously seen (old) data and newly arriving samples. We demonstrate the effectiveness of MADCAT in continuous Android malware detection settings. MADCAT consistently outperforms baseline methods in detection performance at test time. We also show the synergy between MADCAT and prior approaches in addressing concept drift in malware detection