Master of Science (MS)
Fabio Di Troia
Android malware, SVMs
Machine learning and deep learning algorithms have been successfully applied to the problems of malware detection, classification, and analysis. However, most such studies have been limited to applying learning algorithms to a static snapshot of malware, which fails to account for concept drift, that is, the non-stationary nature of the data. In practice, models need to be updated whenever a sufficient level of concept drift has occurred. In this research, we consider concept drift detection in the context of Android malware. We train a series of Support Vector Machines (SVM) over sliding windows of time and compare the resulting SVM weight vectors using cosine similarity. Changes in the SVM weight vectors serve as a proxy for changes in the underlying malware samples, which enables us to automatically detect concept drift. We also experiment with clustering techniques as a way to automatically detect concept drift in these same Android malware families.
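The sliding-window comparison described in the abstract, as an added example (not code from the project itself): one linear SVM is trained per window and the cosine similarity between consecutive weight vectors is checked against a threshold. The feature vectors, the window width of 2 periods, the 0.9 threshold, and the small pure-Python trainer without an intercept are all assumptions made for illustration.

```python
import math

def train_linear_svm(X, y, lam=0.01, lr=0.1, epochs=200):
    """Full-batch subgradient descent on the L2-regularised hinge loss.
    No intercept term: the constructed data below is separable through the origin."""
    w = [0.0] * len(X[0])
    for _ in range(epochs):
        grad = [lam * wj for wj in w]
        for xi, yi in zip(X, y):
            if yi * sum(wj * xj for wj, xj in zip(w, xi)) < 1:  # inside the margin
                for j, xj in enumerate(xi):
                    grad[j] -= yi * xj / len(X)
        w = [wj - lr * gj for wj, gj in zip(w, grad)]
    return w

def cosine(u, v):
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return sum(a * b for a, b in zip(u, v)) / norm if norm else 0.0

def window_weights(samples, width, step):
    """Train one SVM per window [start, start + width) over (period, features, label)."""
    last = max(t for t, _, _ in samples)
    weights = []
    for start in range(0, last - width + 2, step):
        win = [(x, y) for t, x, y in samples if start <= t < start + width]
        weights.append(train_linear_svm([x for x, _ in win], [y for _, y in win]))
    return weights

def detect_drift(weights, threshold):
    """Return consecutive-window similarities and the windows that fall below threshold."""
    sims = [cosine(a, b) for a, b in zip(weights, weights[1:])]
    return sims, [i + 1 for i, s in enumerate(sims) if s < threshold]

# Constructed data (assumption): 5 binary features; malware (+1) uses features
# 0-1 in periods 0-2 and features 2-3 in periods 3-5; benign (-1) uses feature 4.
A, B = [1, 1, 0, 0, 0], [1, 0, 0, 0, 0]      # early malware variants
A2, B2 = [0, 0, 1, 1, 0], [0, 0, 1, 0, 0]    # late malware variants
BENIGN = [0, 0, 0, 0, 1]
MALWARE_BY_PERIOD = [[A, A, B], [A, B, B], [B, B, B],
                     [A2, A2, B2], [A2, B2, B2], [B2, B2, B2]]
SAMPLES = [(t, x, 1) for t, xs in enumerate(MALWARE_BY_PERIOD) for x in xs]
SAMPLES += [(t, BENIGN, -1) for t in range(6) for _ in range(3)]

def run_demo():
    return detect_drift(window_weights(SAMPLES, width=2, step=1), threshold=0.9)

if __name__ == "__main__":
    sims, drift = run_demo()
    print([round(s, 2) for s in sims], "drift at windows", drift)
```

Because the windows overlap, the similarity drops both when a window first includes the new malware features and when the old ones leave it, so two consecutive windows are flagged.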
Singh, Inderpreet, "Concept Drift Detection in Android Malware" (2023). Master's Projects. 1274.
Available for download on Sunday, May 26, 2024