1. Technical Field
The following disclosure pertains in general to computer security and particularly to identifying predictive security models that are resistant to concept drift.
2. Description of the Related Art
In predictive analytics and machine learning, classification systems are trained to identify a target property. For example, these classification systems may be trained to identify a wide variety of malicious software (malware) that can attack modern computers. These malware threats include computer viruses, worms, Trojan horse programs, spyware, adware, crimeware, and phishing websites.
However, the target property that the classification systems are trained to classify are typically time dependent. That is, the target property that the classification systems are trained to identify may change over time; this is referred to as concept drift. As the target property changes, the predictions of the classification systems become less accurate over time. Furthermore, as updates to the classification system are made, it is difficult to determine how the updates impact the predictions of the classification systems. Accordingly, it is difficult to determine how changes to classification systems that are sensitive to concept drift impact the classification performance of the classification systems.