Scheme of Concept Drift Self-Adaptation Based on Few-Shot Learning

• 1、School of Cyberspace and Science Technology, Beijing Jiaotong University,Beijing 100044
• 2、School of Mathematics and Statistics, Beijing Jiaotong University,Beijing,100044

Abstract：Machine Learning methods can detect Android malware with very high accuracy, but these classifiers have a fatal weakness - concept drift, which means that as malicious and benign applications continue to evolve, the performance of deployed detection models rapidly deteriorates. Existing concept drift self-adaptation methods based on active learning are severely inadequate in scenarios where initial samples of new malware are extremely scarce and exhibit long-tailed distributions, resulting in the misclassification of new malware in the optimal method lasting an average of several months. To address this, this paper proposes a few-shot continual learning framework based on prototype networks. By constructing class prototypes of benign and malicious samples and integrating multiple active learning sampling strategies, it dynamically selects high-value drifting samples under limited annotation budgets, and combines historical data replay and warm-start strategies to achieve efficient and continual model updates. Experimental evaluations on multiple real-world concept drift datasets such as APIGraph, AndroZoo, BODMAS, and Content show that the proposed method significantly improves the detection ability of new few-shot samples and low-frequency families with long-tailed distributions while maintaining macroscopic detection performance, reducing the average misclassification duration of new malware by over 50%, and outperforming existing mainstream methods on refined evaluation metrics.

Keywords： Information Security Malware Detection Concept Drift Adaptation Active Learning Few-Shot Learning Prototypical Network