[Big News] I started as CS Assistant Professor @ Texas A&M @TAMUEngineering I'm looking for new collaborators and new students to keep researching malware and systems security. Get in touch!

[New Paper] "Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms Typo Correction" We published this week at @wootsecurity.

Join millions who have switched to Grok.

And I will be talking there!.

Want to know more? Check our work!.

And there are pretty significant cases of dataset imbalances in popular malware dataset, such as in DREBIN. See the results for more than 5K runs with different configurations:

This includes false positives (on the drift detection report). We are able to pinpoint, for instance, when a FP occurs because the model did not learn enough due to class imbalance.

The result is that this approach can explain what is happening at every drift point.

We created an entire taxonomy about when drift happens and when not, for the most formal ones.

We also identified that concept drift is directional: only expansions towards the border cause true drift in the main classifier. Thus, by measuring directionality, we can predict if a concept expansion will cause a drift in the future and anticipate it (early retrain).

True drift represent changes in both meta models and boundaries, whereas false drift affect the boundary but not the meta models.

To detect these cases we create an architecture of external meta-models that can be applied to any internal ML model. The meta-models measure the concepts, where the main model is responsible for the boundaries.

Sometimes samples cross the boundary because of concept expansion (true drift), but sometimes because the line is misplaced (false positive drift). We want to detect these cases.

Our key insight in this paper is that there is a difference between the concept (the circles) and the decision boundary (lines) of a classifier.

[New Paper] "Towards Explainable Drift Detection and Early Retrain in ML-Based Malware Detection Pipelines" - My first paper with one of my students as the main author. Congrats to Jayesh for his presentation today at DIMVA! Check the paper here:

RT @HouSecCon: In this episode Michael and Sam are talking to malware researcher Dr. Marcus Botacin. Dr. Botacin discusses his journey from….

See you in the next offering.

All the vulnerabilities were disclosed to the developers. Many of them (unfortunately not all) answered and even fixed them, which is great!.

I recorded some of the classes, if you are interested:

But don't worry. The students were able to patch many of those vulnerabilities and to verify many other patches, such as those escapes:

In a more sophisticated attack, one team was able to abuse an intent to move the window to the foreground while screenshoting it via accessibility services.

The previous attack was ran against a mobile app. What happen when the app is protected by a password? Well, students could bruteforce it.