Measuring concept drift in malware and network intrusion detection models
Zhang, Zhenning
Permalink
https://hdl.handle.net/2142/124267
Description
- Title
- Measuring concept drift in malware and network intrusion detection models
- Author(s)
- Zhang, Zhenning
- Issue Date
- 2024-04-15
- Director of Research (if dissertation) or Advisor (if thesis)
- Wang, Gang
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- M.S.
- Degree Level
- Thesis
- Keyword(s)
- Concept Drift
- Malware Detection
- Network Security
- Abstract
- This thesis delves into the phenomenon of concept drift, a critical issue in the field of machine learning where the statistical properties of the target variable, which the model is trying to predict, change over time. This work is particularly focused on understanding the reason and impact of concept drift in cybersecurity contexts through measurement and modeling approaches, using both Portable Executable (PE) files in Windows and Android malware datasets, as well as network data from a real-world Security Operations Center (SOC) facility. The research begins with a comprehensive introduction to concept drift, laying out its definitions and taxonomies, specifically highlighting feature drift and data drift. It then proceeds to explore these types of drift using a PE/Android dataset, analyzing how feature and data drifts manifest in these domains. Subsequently, the thesis introduces a novel model designed to detect data drift in network traffic. The model employs a unique approach to generate cross-host features and utilizes a Support Vector Machine (SVM) for the detection of data drift. Meanwhile, we also perform measurements to understand the network attacks. Through rigorous analysis and modeling, the research presents a concrete step to the understanding of the reason and impact of concept drift in cybersecurity, presenting a novel approach to network intrusion detection that can be beneficial for future research and practical applications in the field. The findings not only enhance the academic understanding of concept drift but also offer practical solutions to detect and adapt to it in dynamic environments, thereby improving the robustness and reliability of machine learning models in security-sensitive applications.
- Graduation Semester
- 2024-05
- Type of Resource
- Thesis
- Copyright and License Information
- Copyright 2024 Zhenning Zhang
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois