{"id":"https://openalex.org/W7152745135","doi":"https://doi.org/10.48550/arxiv.2604.06599","title":"Can Drift-Adaptive Malware Detectors Be Made Robust? Attacks and Defenses Under White-Box and Black-Box Threats","display_name":"Can Drift-Adaptive Malware Detectors Be Made Robust? Attacks and Defenses Under White-Box and Black-Box Threats","publication_year":2026,"publication_date":"2026-04-08","ids":{"openalex":"https://openalex.org/W7152745135","doi":"https://doi.org/10.48550/arxiv.2604.06599"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.06599","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.06599","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.06599","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029628811","display_name":"Adrian Shuai Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Li, Adrian Shuai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119792448","display_name":"Md Ajwad Akil","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Akil, Md Ajwad","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133289825","display_name":"Elisa Bertino","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bertino, Elisa","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5029628811"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.5200999975204468,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.5200999975204468,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.4302999973297119,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.00570000009611249,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8109999895095825},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7523999810218811},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6953999996185303},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5938000082969666},{"id":"https://openalex.org/keywords/robustification","display_name":"Robustification","score":0.5338000059127808},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5174999833106995},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4088999927043915},{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.40059998631477356}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8109999895095825},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7649000287055969},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7523999810218811},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.737500011920929},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6953999996185303},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5938000082969666},{"id":"https://openalex.org/C2778584072","wikidata":"https://www.wikidata.org/wiki/Q7353545","display_name":"Robustification","level":3,"score":0.5338000059127808},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5174999833106995},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4088999927043915},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.40059998631477356},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.397599995136261},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.35100001096725464},{"id":"https://openalex.org/C2776434776","wikidata":"https://www.wikidata.org/wiki/Q19246213","display_name":"Domain adaptation","level":3,"score":0.32429999113082886},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.3221000134944916},{"id":"https://openalex.org/C2989419327","wikidata":"https://www.wikidata.org/wiki/Q322348","display_name":"Arms race","level":2,"score":0.3003999888896942},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.29170000553131104},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2793000042438507},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.27059999108314514},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.2623000144958496}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.06599","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.06599","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.06599","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.06599","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.4718378484249115,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Concept":[0],"drift":[1],"and":[2,79,110,132,155,172,187,231],"adversarial":[3,24,43,196],"evasion":[4],"are":[5],"two":[6,122,219],"major":[7],"challenges":[8],"for":[9,200,205],"deploying":[10],"machine":[11],"learning-based":[12],"malware":[13,39,138],"detectors.":[14],"While":[15],"both":[16],"have":[17],"been":[18],"studied":[19],"separately,":[20],"their":[21],"combination,":[22],"the":[23,71,77,107,129,162,191],"robustness":[25,68,213],"of":[26,112],"drift-adaptive":[27],"detectors,":[28],"remains":[29],"unexplored.":[30],"We":[31,114,222],"address":[32,87],"this":[33],"problem":[34],"with":[35,52,56,117],"AdvDA,":[36],"a":[37,48,53,65,83,91,97],"recent":[38],"detector":[40],"that":[41,95,136,226],"uses":[42],"domain":[44,51,55],"adaptation":[45,150],"to":[46,76,106,167,174,182],"align":[47],"labeled":[49],"source":[50,72,195],"target":[54],"limited":[57],"labels.":[58],"The":[59],"distribution":[60],"shift":[61],"between":[62],"domains":[63],"poses":[64],"unique":[66],"challenge:":[67],"learned":[69],"on":[70,101,152],"may":[73],"not":[74,215],"transfer":[75,216],"target,":[78],"existing":[80],"defenses":[81,202],"assume":[82],"fixed":[84],"distribution.":[85],"To":[86],"this,":[88],"we":[89,160],"propose":[90],"universal":[92],"robustification":[93],"framework":[94,178],"fine-tunes":[96],"pretrained":[98],"AdvDA":[99,164],"model":[100],"adversarially":[102],"transformed":[103],"inputs,":[104],"agnostic":[105],"attack":[108,170],"type":[109],"choice":[111],"transformations.":[113],"instantiate":[115],"it":[116],"five":[118,148],"defense":[119,146],"variants":[120],"spanning":[121],"threat":[123,220],"models:":[124],"white-box":[125],"PGD":[126,168,201],"attacks":[127,135],"in":[128],"feature":[130],"space":[131],"black-box":[133],"MalGuise":[134,175,206],"modify":[137],"binaries":[139],"via":[140],"functionality-preserving":[141],"control-flow":[142],"mutations.":[143],"Across":[144],"nine":[145],"configurations,":[147],"monthly":[149],"windows":[151],"Windows":[153],"malware,":[154],"three":[156],"false-positive-rate":[157],"operating":[158],"points,":[159],"find":[161],"undefended":[163],"completely":[165],"vulnerable":[166],"(100%":[169],"success)":[171],"moderately":[173],"(13%).":[176],"Our":[177],"reduces":[179],"these":[180,218],"rates":[181],"as":[183,185],"low":[184],"3.2%":[186],"5.1%,":[188],"respectively,":[189],"but":[190],"optimal":[192],"strategy":[193],"differs:":[194],"training":[197,210],"is":[198],"essential":[199],"yet":[203],"counterproductive":[204],"defenses,":[207],"where":[208],"target-only":[209],"suffices.":[211],"Furthermore,":[212],"does":[214],"across":[217],"models.":[221],"provide":[223],"deployment":[224],"recommendations":[225],"balance":[227],"robustness,":[228],"detection":[229],"accuracy,":[230],"computational":[232],"cost.":[233]},"counts_by_year":[],"updated_date":"2026-04-10T06:07:51.998497","created_date":"2026-04-10T00:00:00"}