Publication Date

Spring 2023

Degree Type

Master's Project

Degree Name

Master of Science (MS)


Computer Science

First Advisor

Mark Stamp

Second Advisor

Fabio Di Troia

Third Advisor

Katerina Potika


Android malware, SVMs


Machine learning and deep learning algorithms have been successfully applied to the problems of malware detection, classification, and analysis. However, most of such studies have been limited to applying learning algorithms to a static snapshot of malware, which fails to account for concept drift, that is, the non-stationary nature of the data. In practice, models need to be updated whenever a sufficient level of concept drift has occurred. In this research, we consider concept drift detection in the context of Android malware. We train a series of Support Vector Machines (SVM) over sliding windows of time and compare the resulting SVM weight vectors using cosine similarity. Changes in the SVM weight vectors serve as a proxy for changes in the underlying malware samples, which enables us to automatically detect concept drift. We also experiment with clustering techniques as a way to automatically detect concept drift in these same Android malware families.