{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:24:57Z","timestamp":1757618697644,"version":"3.44.0"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031976223"},{"type":"electronic","value":"9783031976230"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_1","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:38:10Z","timestamp":1752140290000},"page":"3-24","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards Explainable Drift Detection and\u00a0Early Retrain in\u00a0ML-Based Malware Detection Pipelines"],"prefix":"10.1007","author":[{"given":"Jayesh","family":"Tripathi","sequence":"first","affiliation":[]},{"given":"Heitor","family":"Gomes","sequence":"additional","affiliation":[]},{"given":"Marcus","family":"Botacin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"1_CR1","doi-asserted-by":"publisher","unstructured":"Adams, J.N., van Zelst, S.J., Quack, L., Hausmann, K., van der Aalst, W., Rose, T.: A framework for explainable concept drift detection in process mining. In: Polyvyanyy, A., Wynn, M.T., Van Looy, A., Reichert, M. (eds.) BPM 2021. LNCS, vol. 12875, pp. 400\u2013416. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-85469-0_25","DOI":"10.1007\/978-3-030-85469-0_25"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Andresini, G., Pendlebury, F., Pierazzi, F., Loglisci, C., Appice, A., Cavallaro, L.: Insomnia: towards concept-drift robustness in network intrusion detection. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, pp. 111\u2013122 (2021)","DOI":"10.1145\/3474369.3486864"},{"key":"1_CR3","unstructured":"Arp, D., et al.: Dos and don\u2019ts of machine learning in computer security. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 3971\u20133988. USENIX Association, Boston, MA (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/arp"},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: NDSS. The Internet Society (2014). http:\/\/dblp.uni-trier.de\/db\/conf\/ndss\/ndss2014.html#ArpSHGR14","DOI":"10.14722\/ndss.2014.23247"},{"key":"1_CR5","unstructured":"Baena-Garc\u0131a, M., del Campo-\u00c1vila, J., Fidalgo, R., Bifet, A., Gavalda, R., Morales-Bueno, R.: Early drift detection method. In: Fourth International Workshop on Knowledge Discovery from Data Streams, vol.\u00a06, pp. 77\u201386. Citeseer (2006)"},{"key":"1_CR6","doi-asserted-by":"publisher","unstructured":"Barbero, F., Pendlebury, F., Pierazzi, F., Cavallaro, L.: Transcending transcend: revisiting malware classification in the presence of concept drift. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 805\u2013823 (2022). https:\/\/doi.org\/10.1109\/SP46214.2022.9833659","DOI":"10.1109\/SP46214.2022.9833659"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Bhaskhar, N., Rubin, D.L., Lee-Messer, C.: An explainable and actionable mistrust scoring framework for model monitoring. IEEE Trans. Artif. Intell. (2023)","DOI":"10.1109\/TAI.2023.3272876"},{"key":"1_CR8","doi-asserted-by":"crossref","unstructured":"Bhatt, U., et al.: Explainable machine learning in deployment. In: Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency, pp. 648\u2013657 (2020)","DOI":"10.1145\/3351095.3375624"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Bifet, A., Gavalda, R.: Learning from time-changing data with adaptive windowing. In: Proceedings of the 2007 SIAM International Conference on Data Mining, pp. 443\u2013448. SIAM (2007)","DOI":"10.1137\/1.9781611972771.42"},{"key":"1_CR10","doi-asserted-by":"publisher","unstructured":"Ceschin, F., et al.: Machine learning (in) security: a stream of problems. Digital Threats 5(1) (2024). https:\/\/doi.org\/10.1145\/3617897","DOI":"10.1145\/3617897"},{"key":"1_CR11","doi-asserted-by":"publisher","first-page":"118590","DOI":"10.1016\/j.eswa.2022.118590","volume":"212","author":"F Ceschin","year":"2023","unstructured":"Ceschin, F., Botacin, M., Gomes, H.M., Pinag\u00e9, F., Oliveira, L.S., Gr\u00e9gio, A.: Fast & furious: on the modelling of malware detection as an evolving data stream. Expert Syst. Appl. 212, 118590 (2023)","journal-title":"Expert Syst. Appl."},{"key":"1_CR12","unstructured":"Chen, L., Yagemann, C., Downing, E.: To believe or not to believe: validating explanation fidelity for dynamic malware analysis. In: CVPR Workshops, pp. 48\u201352 (2019)"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Chow, T., Kan, Z., Linhardt, L., Cavallaro, L., Arp, D., Pierazzi, F.: Drift forensics of malware classifiers. In: Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, pp. 197\u2013207 (2023)","DOI":"10.1145\/3605764.3623918"},{"key":"1_CR14","doi-asserted-by":"publisher","unstructured":"Daoudi, N., Allix, K., Bissyand\u00e9, T.F., Klein, J.: A deep dive inside Drebin: an explorative analysis beyond android malware detection scores. ACM Trans. Priv. Secur. 25(2) (2022). https:\/\/doi.org\/10.1145\/3503463","DOI":"10.1145\/3503463"},{"issue":"1","key":"1_CR15","doi-asserted-by":"publisher","first-page":"23017","DOI":"10.1038\/s41598-021-02481-y","volume":"11","author":"C Duckworth","year":"2021","unstructured":"Duckworth, C., et al.: Using explainable machine learning to characterise data drift and detect emergent health risks for emergency department admissions during COVID-19. Sci. Rep. 11(1), 23017 (2021)","journal-title":"Sci. Rep."},{"key":"1_CR16","doi-asserted-by":"publisher","unstructured":"Gama, J., Medas, P., Castillo, G., Rodrigues, P.: Learning with drift detection. In: Bazzan, A., Labidi, S. (eds.) SBIA 2004. LNCS (LNAI), vol. 3171, pp. 286\u2013295. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28645-5_29","DOI":"10.1007\/978-3-540-28645-5_29"},{"key":"1_CR17","doi-asserted-by":"publisher","unstructured":"Gomes, H.M., Grzenda, M., Mello, R., Read, J., Le\u00a0Nguyen, M.H., Bifet, A.: A survey on semi-supervised learning for delayed partially labelled data streams. ACM Comput. Surv. 55(4) (2022). https:\/\/doi.org\/10.1145\/3523055","DOI":"10.1145\/3523055"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Haug, J., Braun, A., Z\u00fcrn, S., Kasneci, G.: Change detection for local explainability in evolving data streams. In: Proceedings of the 31st ACM International Conference on Information & Knowledge Management, pp. 706\u2013716 (2022)","DOI":"10.1145\/3511808.3557257"},{"key":"1_CR19","unstructured":"He, Y., Lei, J., Qin, Z., Ren, K.: Going proactive and explanatory against malware concept drift (2024)"},{"key":"1_CR20","doi-asserted-by":"publisher","first-page":"126640","DOI":"10.1016\/j.neucom.2023.126640","volume":"555","author":"F Hinder","year":"2023","unstructured":"Hinder, F., Vaquet, V., Brinkrolf, J., Hammer, B.: Model-based explanations of concept drift. Neurocomputing 555, 126640 (2023)","journal-title":"Neurocomputing"},{"issue":"2","key":"1_CR21","doi-asserted-by":"publisher","first-page":"e1327","DOI":"10.1002\/widm.1327","volume":"10","author":"H Hu","year":"2020","unstructured":"Hu, H., Kantardzic, M., Sethi, T.S.: No free lunch theorem for concept drift detection in streaming data classification: a review. Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 10(2), e1327 (2020)","journal-title":"Wiley Interdiscip. Rev. Data Min. Knowl. Discov."},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Jacob, V., Song, F., Stiegler, A., Rad, B., Diao, Y., Tatbul, N.: Exathlon: a benchmark for explainable anomaly detection over time series. arXiv preprint arXiv:2010.05073 (2020)","DOI":"10.14778\/3476249.3476307"},{"key":"1_CR23","unstructured":"Jordaney, R., et al.: Transcend: detecting concept drift in malware classification models. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 625\u2013642. USENIX Association, Vancouver, BC (2017). https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/jordaney"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"Panda, P., Kancheti, S.S., Balasubramanian, V.N., Sinha, G.: Interpretable model drift detection. In: Proceedings of the 7th Joint International Conference on Data Science & Management of Data (11th ACM IKDD CODS and 29th COMAD), pp.\u00a01\u20139 (2024)","DOI":"10.1145\/3632410.3632434"},{"key":"1_CR25","unstructured":"Pendlebury, F., Pierazzi, F., Jordaney, R., Kinder, J., Cavallaro, L.: TESSERACT: eliminating experimental bias in malware classification across space and time. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 729\u2013746. USENIX Association, Santa Clara, CA (2019). https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/pendlebury"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Shaer, I., Shami, A.: Thwarting cybersecurity attacks with explainable concept drift. arXiv preprint arXiv:2403.13023 (2024)","DOI":"10.1109\/IWCMC61514.2024.10592411"},{"key":"1_CR27","unstructured":"Vishnampet, R., Shenoy, R., Chen, J., Gupta, A.: Root causing prediction anomalies using explainable AI. arXiv preprint arXiv:2403.02439 (2024)"},{"issue":"4","key":"1_CR28","doi-asserted-by":"publisher","first-page":"964","DOI":"10.1007\/s10618-015-0448-4","volume":"30","author":"GI Webb","year":"2016","unstructured":"Webb, G.I., Hyde, R., Cao, H., Nguyen, H.L., Petitjean, F.: Characterizing concept drift. Data Min. Knowl. Disc. 30(4), 964\u2013994 (2016)","journal-title":"Data Min. Knowl. Disc."},{"key":"1_CR29","unstructured":"Yang, L., et al.: CADE: detecting and explaining concept drift samples for security applications. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 2327\u20132344. USENIX Association (2021). https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/yang-limin"},{"key":"1_CR30","unstructured":"Zheng, S., et al.: Labelless concept drift detection and explanation. In: NeurIPS 2019 Workshop on Robust AI in Financial Services: Data, Fairness, Explainability, Trustworthiness, and Privacy (2019)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T01:52:43Z","timestamp":1757209963000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"All code developed in this search is available at","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Reproducibility."}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}