Revisiting Concept Drift in Windows Malware Detection: Adaptation to Real Drifted Malware with Minimal Samples

Adrian Shuai Li

Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Malware

The relentless evolution of Windows malware poses a significant challenge for machine learning-based detection systems. Models trained on known samples quickly become obsolete when attackers introduce new variants or families, a phenomenon known as **concept drift**. This talk, presented by Adrian Shuai Li from Purdue University, addresses the problem of building robust malware detection models that can adapt rapidly to such new threats with minimal labeled data. At its core, the work introduces a framework that combines **adversarial domain adaptation** with **Graph Neural Networks (GNNs)** to learn features that remain invariant across malware variants, so that the detector can be updated quickly and efficiently with only a few labeled samples of the drifted malware.

AI review

Technically legitimate academic work on concept drift adaptation for malware detection — adversarial domain adaptation with GNNs plus a methodological critique of leave-one-out evaluation on Big 15. Competent research that advances a real problem, but it lands squarely in the 'solid conference paper' tier: incremental rather than transformative, and the writeup reads more like a paper abstract than a talk review.
