LDCDroid: Learning data drift characteristics for handling the model aging problem in Android malware detection

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-12-24 DOI:10.1016/j.cose.2024.104294

Zhen Liu , Ruoyu Wang , Bitao Peng , Lingyu Qiu , Qingqing Gan , Changji Wang , Wenbin Zhang

{"title":"LDCDroid: Learning data drift characteristics for handling the model aging problem in Android malware detection","authors":"Zhen Liu , Ruoyu Wang , Bitao Peng , Lingyu Qiu , Qingqing Gan , Changji Wang , Wenbin Zhang","doi":"10.1016/j.cose.2024.104294","DOIUrl":null,"url":null,"abstract":"<div><div>The dynamic and evolving nature of malware applications can lead to deteriorating performance in malware detection models, a phenomenon known as the model aging problem. This issue compromises the model’s effectiveness in maintaining mobile security. Model retraining have proven effective in enhancing performance on previously unseen applications. However, the substantial need for annotated data remains a significant challenge in acquiring accurate ground truth for model retraining. Therefore, this paper introduces a new method to address the model aging problem in Android malware detection(AMD). To alleviate the burden of manual annotation, our approach incorporates pseudo-labeled data into the retraining process. Specifically, we introduce a novel method for evaluating the data drift scores of newly emerged samples by learning their data drift characteristics. These scores guide the usage of pseudo-labeled and true-labeled data for retraining the model. Our method significantly reduces the resources required for annotation while maintaining the efficacy of malware detection. In long-term datasets, we demonstrate the efficacy of our models through a series of experiments. Results indicate that our method enhances the F-score by approximately 26% in predicting unseen malware over a span of nine years.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104294"},"PeriodicalIF":4.8000,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482400600X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The dynamic and evolving nature of malware applications can lead to deteriorating performance in malware detection models, a phenomenon known as the model aging problem. This issue compromises the model’s effectiveness in maintaining mobile security. Model retraining have proven effective in enhancing performance on previously unseen applications. However, the substantial need for annotated data remains a significant challenge in acquiring accurate ground truth for model retraining. Therefore, this paper introduces a new method to address the model aging problem in Android malware detection(AMD). To alleviate the burden of manual annotation, our approach incorporates pseudo-labeled data into the retraining process. Specifically, we introduce a novel method for evaluating the data drift scores of newly emerged samples by learning their data drift characteristics. These scores guide the usage of pseudo-labeled and true-labeled data for retraining the model. Our method significantly reduces the resources required for annotation while maintaining the efficacy of malware detection. In long-term datasets, we demonstrate the efficacy of our models through a series of experiments. Results indicate that our method enhances the F-score by approximately 26% in predicting unseen malware over a span of nine years.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.