{"id":"https://openalex.org/W4388886775","doi":"https://doi.org/10.1145/3605764.3623918","title":"Drift Forensics of Malware Classifiers","display_name":"Drift Forensics of Malware Classifiers","publication_year":2023,"publication_date":"2023-11-21","ids":{"openalex":"https://openalex.org/W4388886775","doi":"https://doi.org/10.1145/3605764.3623918"},"language":"en","primary_location":{"id":"doi:10.1145/3605764.3623918","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623918","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://discovery.ucl.ac.uk/10182372/1/Drift%20Forensics%20of%20Malware%20Classifiers.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004166214","display_name":"T.T. Chow","orcid":null},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Theo Chow","raw_affiliation_strings":["King's College London, London, United Kingdom"],"raw_orcid":"https://orcid.org/0009-0003-2125-8828","affiliations":[{"raw_affiliation_string":"King's College London, London, United Kingdom","institution_ids":["https://openalex.org/I183935753"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049761986","display_name":"Zeliang Kan","orcid":null},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]},{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Zeliang Kan","raw_affiliation_strings":["King's College London &amp; University College London, London, United Kingdom"],"raw_orcid":"https://orcid.org/0009-0007-4740-1134","affiliations":[{"raw_affiliation_string":"King's College London &amp; University College London, London, United Kingdom","institution_ids":["https://openalex.org/I183935753","https://openalex.org/I45129253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085289050","display_name":"Lorenz Linhardt","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lorenz Linhardt","raw_affiliation_strings":["TU Berlin &amp; BIFOLD, Berlin, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-5533-5524","affiliations":[{"raw_affiliation_string":"TU Berlin &amp; BIFOLD, Berlin, United Kingdom","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036908366","display_name":"Lorenzo Cavallaro","orcid":"https://orcid.org/0000-0002-3878-2680"},"institutions":[{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Lorenzo Cavallaro","raw_affiliation_strings":["University College London, London, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-3878-2680","affiliations":[{"raw_affiliation_string":"University College London, London, United Kingdom","institution_ids":["https://openalex.org/I45129253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029169901","display_name":"Daniel J. Arp","orcid":"https://orcid.org/0000-0003-3628-794X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Daniel Arp","raw_affiliation_strings":["TU Berlin, Berlin, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0003-3628-794X","affiliations":[{"raw_affiliation_string":"TU Berlin, Berlin, United Kingdom","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072597369","display_name":"Fabio Pierazzi","orcid":"https://orcid.org/0000-0002-1254-1758"},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Fabio Pierazzi","raw_affiliation_strings":["King's College London, London, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-1254-1758","affiliations":[{"raw_affiliation_string":"King's College London, London, United Kingdom","institution_ids":["https://openalex.org/I183935753"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5004166214"],"corresponding_institution_ids":["https://openalex.org/I183935753"],"apc_list":null,"apc_paid":null,"fwci":1.9189,"has_fulltext":true,"cited_by_count":10,"citation_normalized_percentile":{"value":0.8727948,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"197","last_page":"207"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8684977889060974},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8026154041290283},{"id":"https://openalex.org/keywords/concept-drift","display_name":"Concept drift","score":0.79298335313797},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.636733889579773},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5287446975708008},{"id":"https://openalex.org/keywords/mobile-malware","display_name":"Mobile malware","score":0.516790509223938},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.48689737915992737},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.48027849197387695},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4776134192943573},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.43206340074539185},{"id":"https://openalex.org/keywords/perspective","display_name":"Perspective (graphical)","score":0.4273500442504883},{"id":"https://openalex.org/keywords/root-cause","display_name":"Root cause","score":0.4216915965080261},{"id":"https://openalex.org/keywords/open-research","display_name":"Open research","score":0.41370776295661926},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.326479434967041},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2650681734085083},{"id":"https://openalex.org/keywords/data-stream-mining","display_name":"Data stream mining","score":0.11234891414642334},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.09072473645210266},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.07692378759384155},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.07215139269828796}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8684977889060974},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8026154041290283},{"id":"https://openalex.org/C60777511","wikidata":"https://www.wikidata.org/wiki/Q3045002","display_name":"Concept drift","level":3,"score":0.79298335313797},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.636733889579773},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5287446975708008},{"id":"https://openalex.org/C2780967490","wikidata":"https://www.wikidata.org/wiki/Q1291200","display_name":"Mobile malware","level":3,"score":0.516790509223938},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.48689737915992737},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.48027849197387695},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4776134192943573},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.43206340074539185},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.4273500442504883},{"id":"https://openalex.org/C84945661","wikidata":"https://www.wikidata.org/wiki/Q7366567","display_name":"Root cause","level":2,"score":0.4216915965080261},{"id":"https://openalex.org/C2778464652","wikidata":"https://www.wikidata.org/wiki/Q309849","display_name":"Open research","level":2,"score":0.41370776295661926},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.326479434967041},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2650681734085083},{"id":"https://openalex.org/C89198739","wikidata":"https://www.wikidata.org/wiki/Q3079880","display_name":"Data stream mining","level":2,"score":0.11234891414642334},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.09072473645210266},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.07692378759384155},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.07215139269828796},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3605764.3623918","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623918","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.ucl.ac.uk.OAI2:10182372","is_oa":true,"landing_page_url":"https://discovery.ucl.ac.uk/id/eprint/10182372/","pdf_url":"https://discovery.ucl.ac.uk/10182372/1/Drift%20Forensics%20of%20Malware%20Classifiers.pdf","source":{"id":"https://openalex.org/S4306400024","display_name":"UCL Discovery (University College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45129253","host_organization_name":"University College London","host_organization_lineage":["https://openalex.org/I45129253"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"     In:  Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security.  (pp. pp. 197-207).  ACM: Copenhagen, Denmark. (2023)     ","raw_type":"Proceedings paper"},{"id":"pmh:oai:kclpure.kcl.ac.uk:openaire/74106964-e7c9-45e8-9fb0-cd1e51ea0aaa","is_oa":true,"landing_page_url":"https://kclpure.kcl.ac.uk/portal/en/publications/74106964-e7c9-45e8-9fb0-cd1e51ea0aaa","pdf_url":"https://kclpure.kcl.ac.uk/ws/files/232583328/aisec23_drift_forensics_chow.pdf","source":{"id":"https://openalex.org/S4306400216","display_name":"Research Portal (King's College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I183935753","host_organization_name":"King's College London","host_organization_lineage":["https://openalex.org/I183935753"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Chow, T, Kan, Z, Linhardt, L, Arp, D, Cavallaro, L & Pierazzi, F 2023, Drift Forensics of Malware Classifiers. in Proc. of the ACM Workshop on Artificial Intelligence and Security (AISec).","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:eprints.ucl.ac.uk.OAI2:10182372","is_oa":true,"landing_page_url":"https://discovery.ucl.ac.uk/id/eprint/10182372/","pdf_url":"https://discovery.ucl.ac.uk/10182372/1/Drift%20Forensics%20of%20Malware%20Classifiers.pdf","source":{"id":"https://openalex.org/S4306400024","display_name":"UCL Discovery (University College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45129253","host_organization_name":"University College London","host_organization_lineage":["https://openalex.org/I45129253"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"     In:  Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security.  (pp. pp. 197-207).  ACM: Copenhagen, Denmark. (2023)     ","raw_type":"Proceedings paper"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320309327","display_name":"Google","ror":"https://ror.org/00njsd438"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388886775.pdf","grobid_xml":"https://content.openalex.org/works/W4388886775.grobid-xml"},"referenced_works_count":23,"referenced_works":["https://openalex.org/W258019806","https://openalex.org/W1563088657","https://openalex.org/W1583837637","https://openalex.org/W1787224781","https://openalex.org/W2037026906","https://openalex.org/W2087347434","https://openalex.org/W2109964623","https://openalex.org/W2122672392","https://openalex.org/W2621187857","https://openalex.org/W2761114781","https://openalex.org/W2969244304","https://openalex.org/W2998961572","https://openalex.org/W3000716014","https://openalex.org/W3091722391","https://openalex.org/W3111533025","https://openalex.org/W3118244215","https://openalex.org/W3138819813","https://openalex.org/W3178593045","https://openalex.org/W3194668998","https://openalex.org/W3198941561","https://openalex.org/W4214835615","https://openalex.org/W4248025115","https://openalex.org/W4287644588"],"related_works":["https://openalex.org/W2110889728","https://openalex.org/W4256462051","https://openalex.org/W2005680383","https://openalex.org/W4388427052","https://openalex.org/W2886064601","https://openalex.org/W2485784239","https://openalex.org/W2717179875","https://openalex.org/W2311926078","https://openalex.org/W2922526186","https://openalex.org/W3199551743"],"abstract_inverted_index":{"The":[0,124],"widespread":[1],"occurrence":[2],"of":[3,14,48,102,118,131,135,151,191,201,215,248,257],"mobile":[4,261],"malware":[5,165,203,217,262],"still":[6,82],"poses":[7],"a":[8,112,128,138,159,168,230,254],"significant":[9,61],"security":[10],"threat":[11],"to":[12,73,157,252],"billions":[13],"smartphone":[15],"users.":[16],"To":[17,106,147],"counter":[18],"this":[19,108,238],"threat,":[20],"several":[21,183],"machine":[22],"learning-based":[23],"detection":[24,38,104,145,166],"systems":[25,57],"have":[26,35],"been":[27],"proposed":[28,250],"within":[29],"the":[30,45,67,90,93,98,115,132,149,179,192,199,206,213,224,242,246,249],"last":[31],"decade.":[32],"These":[33],"methods":[34],"achieved":[36],"impressive":[37],"results":[39],"in":[40,92,96,100,205,260],"many":[41],"settings,":[42],"without":[43],"requiring":[44],"manual":[46],"crafting":[47],"signatures.":[49],"Unfortunately,":[50],"recent":[51],"research":[52],"has":[53],"demonstrated":[54],"that":[55,181,189],"these":[56],"often":[58],"suffer":[59],"from":[60],"performance":[62,101,193],"drops":[63],"over":[64],"time":[65],"if":[66],"underlying":[68],"distribution":[69],"changes---a":[70],"phenomenon":[71],"referred":[72],"as":[74,167],"concept":[75,122,136,258],"drift.":[76,123],"So":[77],"far,":[78],"however,":[79],"it":[80,156],"is":[81],"an":[83],"open":[84],"question":[85],"which":[86],"main":[87],"factors":[88],"cause":[89],"drift":[91,180,259],"data":[94],"and,":[95,240],"turn,":[97],"drop":[99,194],"current":[103],"systems.":[105],"address":[107],"question,":[109],"we":[110,154,187,209],"present":[111],"framework":[113,125,251],"for":[114,142,163],"in-depth":[116],"analysis":[117,173],"dataset":[119,162,239],"affected":[120],"by":[121,198],"allows":[126],"gaining":[127],"better":[129,255],"understanding":[130,256],"root":[133],"causes":[134],"drift,":[137],"fundamental":[139],"stepping":[140],"stone":[141],"building":[143],"robust":[144],"methods.":[146,185],"examine":[148],"effectiveness":[150],"our":[152],"framework,":[153],"use":[155],"analyze":[158],"commonly":[160],"used":[161],"Android":[164],"first":[169],"case":[170],"study.":[171],"Our":[172,227],"yields":[174],"two":[175,202],"key":[176],"insights":[177],"into":[178],"affects":[182,223],"state-of-the-art":[184],"First,":[186],"find":[188],"most":[190],"can":[195,210],"be":[196],"explained":[197],"rise":[200],"families":[204,218],"dataset.":[207],"Second,":[208],"determine":[211],"how":[212],"evolution":[214],"certain":[216],"and":[219,263],"even":[220],"goodware":[221],"samples":[222],"classifier's":[225],"performance.":[226],"findings":[228],"provide":[229],"novel":[231],"perspective":[232],"on":[233],"previous":[234],"evaluations":[235],"conducted":[236],"using":[237],"at":[241],"same":[243],"time,":[244],"show":[245],"potential":[247],"obtain":[253],"related":[264],"settings.":[265]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}