Bibliographic Details
Main Authors: Diamantopoulos, Themistoklis, Natsos, Dimosthenis, Symeonidis, Andreas L.
Format: Preprint
Published: 2026
Subjects:
Online Access: https://arxiv.org/abs/2601.10164
_version_ 1866908767485952000
author Diamantopoulos, Themistoklis
Natsos, Dimosthenis
Symeonidis, Andreas L.
contents The rapid growth of Cloud Computing and Internet of Things (IoT) has significantly increased the interconnection of computational resources, creating an environment where malicious software (malware) can spread rapidly. To address this challenge, researchers are increasingly utilizing Machine Learning approaches to identify malware through behavioral (i.e. dynamic) cues. However, current approaches are limited by their reliance on large labeled datasets, fixed model training, and the assumption that a trained model remains effective over time, disregarding the ever-evolving sophistication of malware. As a result, they often fail to detect evolving malware attacks that adapt over time. This paper proposes an online learning approach for dynamic malware detection that overcomes these limitations by incorporating temporal information to continuously update its models using behavioral features, specifically process resource utilization metrics. By doing so, the proposed models can incrementally adapt to emerging threats and detect zero-day malware effectively. Upon evaluating our approach against traditional batch algorithms, we find it effective in detecting zero-day malware. Moreover, we demonstrate its efficacy in scenarios with limited data availability, where traditional batch-based approaches often struggle to perform reliably.
format Preprint
id arxiv_https___arxiv_org_abs_2601_10164
institution arXiv
publishDate 2026
record_format arxiv
title Towards Online Malware Detection using Process Resource Utilization Metrics
topic Software Engineering
url https://arxiv.org/abs/2601.10164