Neural Networks Optimizations Against Concept and Data Drift in Malware Detection
Maillet, William, Marais, Benjamin
arXiv.org Artificial Intelligence
Traditional malware detection methods rely on signatures, heuristics and behaviors [1, 2]. However, these solutions are not suitable in the long term: given the significant amount of malware present in cyberspace, creating new detection rules becomes an impractical and unscalable approach. As an alternative, machine learning models have demonstrated great success in various tasks, such as classification, computer vision, and anomaly detection, making them promising solutions for the future of malicious software detection. In particular, neural networks and LightGBM [3] have shown encouraging results [4, 5, 6]. Such machine learning models can use static characteristics extracted from malicious files, such as imports, strings, and header information, or dynamic characteristics, such as network activity or registry modifications, collected during file execution. While these models perform well, they face the challenge of constant malware evolution.
Aug-21-2023
- Genre:
- Research Report > Promising Solution (0.54)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: