MADCAT: Combating Malware Detection Under Concept Drift with Test-Time Adaptation

We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. During test-time training, the model learns features that are useful for detecting both previously seen (old) data and newly arriving samples. We demonstrate the effectiveness of MADCAT in continuous Android malware detection settings. MADCAT consistently outperforms baseline methods in detection performance at test time. We also show the synergy between MADCAT and prior approaches in addressing concept drift in malware detection

@article{roh2025_2505.18734,
  title={ MADCAT: Combating Malware Detection Under Concept Drift with Test-Time Adaptation },
  author={ Eunjin Roh and Yigitcan Kaya and Christopher Kruegel and Giovanni Vigna and Sanghyun Hong },
  journal={arXiv preprint arXiv:2505.18734},
  year={ 2025 }
}