What are the steps needed...

  1. Feature Extraction
  2. Data Preparation
  3. Artificial Intelligence
  4. Concept Drift

Feature Extraction

  • Static, Dynamic, Memory features
  • This is not the main goal of the work
  • The idea in this step is to extract some information from the PE file in order to classify it

Data Preparation

  • Create an input that is compatible with the ML model
  • Delete duplicates
  • Delete redundant features

AI

This is where concept drift analysis begins

  • Train an ML model using data from the initial period
  • Test it with subsequent data
  • Calculate selected performance metrics
    • F1 Score
    • FPR

Concept Drift

  1. Concept Drift Detection
  2. Concept Drift Understanding
  3. Concept Drift Adaptation

Concept Drift Detection

  • Observe performance changes on data from different time periods
  • Classify as:
    • Sudden Drift
    • Incremental Drift
    • Gradual Drift
    • Reoccurring Drift
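
The AI and Concept Drift Detection steps above, combined into one added example (not code from the original slides): train on the earliest period, test on each later period in time order, and flag periods where F1 falls. The nearest-centroid model, the two-dimensional feature vectors, the period names and the 0.2 F1-drop threshold are all assumptions chosen for illustration.

```python
from math import dist

# Constructed samples per period: (feature vector, label); 1 = malware, 0 = benign.
PERIODS = {
    "2019": [((0.1, 0.2), 0), ((0.2, 0.1), 0), ((0.15, 0.15), 0),
             ((0.9, 0.8), 1), ((0.8, 0.9), 1), ((0.85, 0.85), 1)],
    "2020": [((0.2, 0.2), 0), ((0.1, 0.3), 0), ((0.8, 0.8), 1), ((0.9, 0.7), 1)],
    "2021": [((0.2, 0.2), 0), ((0.7, 0.4), 0), ((0.6, 0.5), 1), ((0.4, 0.5), 1)],
    "2022": [((0.2, 0.1), 0), ((0.1, 0.1), 0), ((0.3, 0.4), 1), ((0.4, 0.4), 1)],
}

def train(samples):
    """Nearest-centroid model: one mean feature vector per label."""
    model = {}
    for label in (0, 1):
        rows = [x for x, y in samples if y == label]
        model[label] = tuple(sum(col) / len(rows) for col in zip(*rows))
    return model

def predict(model, x):
    """Return the label whose centroid is closest to x."""
    return min(model, key=lambda label: dist(model[label], x))

def f1_and_fpr(model, samples):
    """F1 score and false positive rate, with malware as the positive class."""
    tp = fp = fn = tn = 0
    for x, y in samples:
        p = predict(model, x)
        tp += p == 1 and y == 1
        fp += p == 1 and y == 0
        fn += p == 0 and y == 1
        tn += p == 0 and y == 0
    f1 = 2 * tp / (2 * tp + fp + fn) if tp + fp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return f1, fpr

def evaluate_over_time(periods, max_f1_drop=0.2):
    """Train on the earliest period, test on each later one in time order, and
    flag periods whose F1 fell more than max_f1_drop below the first test period."""
    first, *later = sorted(periods)
    model = train(periods[first])
    report, baseline = [], None
    for name in later:
        f1, fpr = f1_and_fpr(model, periods[name])
        baseline = f1 if baseline is None else baseline
        report.append((name, f1, fpr, baseline - f1 > max_f1_drop))
    return report

if __name__ == "__main__":
    for row in evaluate_over_time(PERIODS):
        print(row)
```

In the constructed 2022 period the FPR stays at 0 while F1 drops to 0, which is why both metrics are tracked per period: the model misses every drifted malware sample without raising a single false alarm.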

Concept Drift Understanding

  • Where? When? How?
  • What triggered the drift?
  • API deprecations, API advancements, etc.

Concept Drift Adaptation

Update the model

  • Online Learning
  • Ensemble Methods

What have I done so far?

Timestamps

Feature Extraction

Data Preparation

AI

Concept Drift

Conclusion

Static Feature

Memory Feature

Merged Feature

Drift Classification

Future Work

  • More analysis (samples) for reliable results
  • Using memory dumps effectively
  • Investigate reasons for the drift
  • Strengthen the model