Label-efficient Training Updates for Malware Detection over Time

Label-efficient Training Updates for Malware Detection over Time | Signal Canvas | ScienceToStartup

Page Freshness

Signal Canvas proof surface

Canonical route: /signal-canvas/label-efficient-training-updates-for-malware-detection-over-time

stale

Proof freshness: stale
Proof status: unverified
Display score: 4/10
Last proof check: 2026-03-31
Score updated: 2026-04-02
Score fresh until: 2026-05-02
References: 27
Source count: 3
Coverage: 50%

This page is showing the last landed evidence receipt and score bundle because the latest proof data is outside the freshness window.

Agent Handoff

Canonical ID label-efficient-training-updates-for-malware-detection-over-time | Route /signal-canvas/label-efficient-training-updates-for-malware-detection-over-time

REST example

curl https://sciencetostartup.com/api/v1/agent-handoff/signal-canvas/label-efficient-training-updates-for-malware-detection-over-time

MCP example

{
  "tool": "search_signal_canvas",
  "arguments": {
    "mode": "paper",
    "paper_ref": "label-efficient-training-updates-for-malware-detection-over-time",
    "query_text": "Summarize Label-efficient Training Updates for Malware Detection over Time"
  }
}

source_context

{
  "surface": "signal_canvas",
  "mode": "paper",
  "query": "Label-efficient Training Updates for Malware Detection over Time",
  "normalized_query": "2603.28396",
  "route": "/signal-canvas/label-efficient-training-updates-for-malware-detection-over-time",
  "paper_ref": "label-efficient-training-updates-for-malware-detection-over-time",
  "topic_slug": null,
  "benchmark_ref": null,
  "dataset_ref": null
}

Evidence Receipt

Route status: building

Claims: 8

References: 27

Proof: Verification pending

Freshness state: computing

Source paper: Label-efficient Training Updates for Malware Detection over Time

PDF: https://arxiv.org/pdf/2603.28396v1

Source count: 3

Coverage: 50%

Last proof check: 2026-03-31T20:53:21.085Z

Signal Canvas receipt window

Not build-ready: Label-efficient Training Updates for Malware Detection over Time

/buildability/label-efficient-training-updates-for-malware-detection-over-time

Ignoreblocked

Subject: Label-efficient Training Updates for Malware Detection over Time

Verdict

Ignore

Verdict is Ignore because current viability and proof state do not clear the buildability gate.

Preparing verified analysis

GitHub Code Pulse

No public code linked for this paper yet.

Claim map

Strong 8Mixed 0Weak 0

Evidencepartial
We show that these techniques, when combined, can reduce manual annotation costs by up to 90% across both domains while achieving comparable detection performance to full-labeling retraining.
Implicationpartial
Directly stated in the abstract with specific numeric evidence (90%) and clear performance comparison.
Verificationpartial
partial
Evidencepartial
In this work, we bridge this gap by proposing a model-agnostic framework that evaluates an extensive set of AL and SSL techniques, isolated and combined, for Android and Windows malware detection.
Implicationpartial
Explicitly stated in the abstract as a key contribution to address limitations of prior work.
Verificationpartial
partial
Evidencepartial
We also introduce a methodology for feature-level drift analysis that measures feature stability over time, showing its correlation with the detector performance.
Implicationpartial
Directly stated in the abstract as a novel contribution with clear purpose.
Verificationpartial
partial
Evidencepartial
existing studies... lack a consistent methodology for analyzing the distribution drift, despite the critical sensitivity of the malware domain to temporal changes.
Implicationpartial
Directly stated in the abstract as a limitation of prior work.
Verificationpartial
partial
Evidencepartial
For binary linear classifiers, MS, LCS, and ES are equivalent, as they all select samples closest to the decision boundary f(x) = τ; consequently, they induce identical query rankings.
Implicationpartial
Directly stated in the methodology section with clear technical explanation.
Verificationpartial
partial
Evidencepartial
We focus on pool-based approaches, where models access large pools of unlabeled samples and select the most informative ones for labeling, aligning with operational malware analysis, where suspicious software is continuously collected and selectively labeled offline under a constrained expert budget.
Implicationpartial
Directly stated in the methodology section with clear justification.
Verificationpartial
partial
Evidencepartial
This strategy may become computationally costly due to the repeated retraining required to estimate improvement in AP.
Implicationpartial
Directly stated in the methodology section as a limitation of the approach.
Verificationpartial
partial
Evidencepartial
Overall, our study provides a detailed understanding of how AL and SSL behave under distribution drift and how they can be successfully combined, offering practical insights for the design of effective detectors over time.
Implicationpartial
Directly stated in the abstract as a key contribution and outcome of the research.
Verificationpartial
partial

Author intelligence and commercialization panels stay hidden until the proof receipt is verified, cites at least 3 references, includes at least 2 sources, and clears 50% coverage. The paper narrative and citation surfaces remain public while verification is pending.

Label-efficient Training Updates for Malware Detection over Time

Use Signal Canvas as the narrative proof surface

Use this Signal Canvas via API or MCP

Signal Canvas proof surface