Ethan Rudd

Mandiant

and

David Krisiloff

Mandiant

Loss on Demand: Toward Discriminative-Generative Hybrid Models for Malware Classification Confidence

Malware classification in the wild remains a difficult problem due in part to concept drift and out-of-distribution data. Concept drift occurs when the statistical properties of the target classes, e.g., malware or goodware, change over time, and the presence of out-of-distribution data means that practical applications of machine learning (ML) for information security can be framed as an Open Set Recognition problem. Under an Open Set paradigm, samples that are ill-supported by data in the training set arise at deployment, and one must be able to flag these unsupported samples as “unknowns” to differentiate them from properly classified samples. Open Set Recognition was formalized by Scheirer et al. [1] as a risk minimization problem.
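
As a rough sketch of that formalization (notation paraphrased here; f is a measurable recognition function, R_O its open space risk, R_ε the empirical risk on labeled training data, and λ_r a regularization constant trading the two off), the objective in [1] seeks a recognition function that jointly minimizes both risks:

```latex
% Open set risk minimization, paraphrased from Scheirer et al. [1]:
% jointly minimize open space risk and empirical risk over candidate
% recognition functions f in a hypothesis space H.
f^{*} = \arg\min_{f \in \mathcal{H}} \bigl\{ R_{\mathcal{O}}(f) + \lambda_r \, R_{\epsilon}(f) \bigr\}
```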

ML deployments for malware detection in industry typically address concept drift through periodic model retraining on novel data at some specified cadence, and do not address the open set problem at all. In practice, a fixed cadence for model updates could be replaced by a measure of concept drift. Likewise, rather than accepting potential false positives from ‘unknown’ samples and dealing with them as they occur, a measure of statistical support could be used to flag these samples and pre-emptively route them to auxiliary detection technologies, ordered from least expensive to most expensive (e.g., when static detection is ill-supported, route to dynamic detection; when dynamic detection is ill-supported, route to an analyst). Thus, there is motivation for a malware classification model whose representation can be used to provide measurements of statistical support and concept drift for each sample.
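
A minimal sketch of such a routing cascade, assuming each detection stage can report a per-sample support score alongside its verdict (the Detector type, score semantics, and thresholds below are illustrative assumptions rather than the system discussed in this presentation):

```python
from typing import Callable, List, Tuple

# Each stage returns (verdict, support), where "support" is some per-sample
# measure of statistical support for the verdict (e.g., derived from a
# generative loss); higher means better supported.
Detector = Callable[[bytes], Tuple[str, float]]

def route(sample: bytes, stages: List[Tuple[str, Detector, float]]) -> Tuple[str, str]:
    """Run stages from least to most expensive, escalating whenever support is low."""
    for name, detect, min_support in stages:
        verdict, support = detect(sample)
        if support >= min_support:
            return name, verdict      # verdict is well supported; stop escalating
    return "analyst", "unknown"       # ill-supported everywhere: hand off to a human
```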

While discriminative models are effective at encouraging class separation in a latent space, they are susceptible to concept drift and are not guaranteed to work well in an Open Set Recognition regime, particularly for losses which aim to force separation at the margin but do little to bound the span of class predictions. Moreover, losses which rely on an associated sample label can only be evaluated during the training and validation stages, not on new samples encountered after deployment.

By contrast, generative models aim to characterize data distributions and can explicitly shape the distribution of sample points in the latent space. For example, Variational Auto-Encoders (VAEs) aim to enforce Gaussian distributional constraints which can be used to bound the spread of samples in latent space. Moreover, VAE loss functions can often be computed irrespective of class label, as loss terms are typically evaluated with respect to data reconstruction, divergence from a known distribution, or the veracity of a sample (real/fake), as is common in adversarial learning paradigms.
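
As a concrete illustration, a minimal VAE objective in PyTorch involves no class label at any point (this sketch assumes a diagonal-Gaussian posterior parameterized by mu and logvar, real-valued input features, and a mean-squared-error reconstruction term; the beta weight is an assumption for exposition):

```python
import torch
import torch.nn.functional as F

def vae_loss(x, x_hat, mu, logvar, beta: float = 1.0):
    """Standard VAE objective: reconstruction error plus KL divergence to N(0, I)."""
    # Reconstruction term: how well the decoder reproduces the input features.
    recon = F.mse_loss(x_hat, x, reduction="sum")
    # KL divergence between q(z|x) = N(mu, diag(exp(logvar))) and the prior N(0, I).
    kl = -0.5 * torch.sum(1.0 + logvar - mu.pow(2) - logvar.exp())
    # Neither term depends on a malware/goodware label.
    return recon + beta * kl
```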

In this presentation, we explore methods to combine loss functions from generative models with standard discriminative losses into multi-objective hybrid discriminative-generative models. We then discuss the impact of these auxiliary loss terms on classification performance and training for malware detection, through examples on open-source malware and goodware datasets (e.g., EMBER 2018, SOREL-20M), applying open set evaluation protocols [1]. We then investigate the characteristics of the associated latent spaces, motivate measurements of concept drift between source and target distributions, and implement classification confidence measures. Additionally, we examine how thresholding generative losses during deployment might be used to enhance classification confidence and reduce open space risk.
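
A hedged sketch of how such a hybrid objective and a deployment-time confidence check might be wired together (the weight lam, the threshold, and the per-sample score definition are illustrative assumptions, not the configurations evaluated in this presentation):

```python
import torch
import torch.nn.functional as F

def hybrid_loss(logits, labels, x, x_hat, mu, logvar, lam: float = 0.1):
    """Multi-objective loss: discriminative cross-entropy plus a weighted VAE term."""
    disc = F.cross_entropy(logits, labels)              # needs labels (train/validation only)
    recon = F.mse_loss(x_hat, x, reduction="mean")      # label-free generative terms
    kl = -0.5 * torch.mean(1.0 + logvar - mu.pow(2) - logvar.exp())
    return disc + lam * (recon + kl)

def flag_unknowns(x, x_hat, mu, logvar, threshold: float):
    """At deployment, threshold the label-free generative loss per sample to flag 'unknowns'."""
    recon = F.mse_loss(x_hat, x, reduction="none").sum(dim=1)
    kl = -0.5 * torch.sum(1.0 + logvar - mu.pow(2) - logvar.exp(), dim=1)
    return (recon + kl) > threshold    # True -> ill-supported; route to auxiliary detection
```

In practice the threshold would be calibrated on held-out validation data, e.g., to fix the fraction of samples escalated to auxiliary detection technologies.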

[1] W. J. Scheirer, A. Rocha, A. Sapkota, and T. E. Boult, “Toward Open Set Recognition,” IEEE T-PAMI, vol. 35, no. 7, July 2013.