What is it about?

Machine learning–based classification is a major approach to malware detection. Yet detectors of this kind can deteriorate over time: their accuracy may decrease when they are applied to apps that are newer than the ones they were trained on. This paper studies this problem in existing detectors of this kind and proposes a new methodology for developing detectors that are more sustainable.

Why is it important?

When a malware detector's performance deteriorates over time, the decreasing accuracy means more malware will slip past it undetected. This is one of the main reasons that malware continues to surge despite the availability of many detectors and their use in screening apps. To renew the detector, new malware samples are needed for re-training the underlying machine learning model, but such samples are not always available, especially when detecting emerging kinds of malware. And even when new samples are available, re-training the model is expensive. Thus, a malware detector that is more sustainable by construction is surely more desirable.

Perspectives

From a research perspective, sustainability should be considered an important performance metric in evaluating a learning-based malware detector. From a practitioner's perspective, greater sustainability with a malware detector means better defense against malware overall and lower costs in maintaining good detection performance.

Haipeng Cai
Washington State University

Read the Original

This page is a summary of: Assessing and Improving Malware Detection Sustainability through App Evolution Studies, ACM Transactions on Software Engineering and Methodology, April 2020, ACM (Association for Computing Machinery),
DOI: 10.1145/3371924.