Abstract
Malware evolves rapidly, forcing machine learning (ML)-based detectors to adapt continuously. With antivirus vendors processing hundreds of thousands of new samples daily, datasets can grow to billions of examples, making full retraining impractical. Continual learning (CL) has emerged as a scalable alternative, enabling incremental updates without full data access while mitigating catastrophic forgetting. In this work, we analyze a critical yet overlooked issue in this context: security regression. Unlike forgetting, which manifests as a general performance drop on previously seen data, security regression captures harmful prediction changes at the sample level, such as a malware sample that was once correctly detected but evades detection after a model update. Although often overlooked, regressions pose serious risks in security-critical applications, as the silent reintroduction of previously detected threats in the system may undermine users' trust in the whole updating process. To address this issue, we formalize and quantify security regression in CL-based malware detectors and propose a regression-aware penalty to mitigate it. Specifically, we adapt Positive Congruent Training (PCT) to the CL setting, preserving prior predictive behavior in a model-agnostic manner. Experiments on the ELSA, Tesseract, and AZ-Class datasets show that our method effectively reduces regression across different CL scenarios while maintaining strong detection performance over time.
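The distinction between forgetting and security regression can be made concrete with a short check, added here as an illustration and not taken from the paper's code. It compares an old and an updated detector on the same labelled samples; the function names, the constructed predictions, and the choice to normalise regressions by the number of malware samples are assumptions of this example.

```python
from dataclasses import dataclass

MALWARE, BENIGN = 1, 0

@dataclass
class UpdateReport:
    old_detection_rate: float
    new_detection_rate: float
    regressions: list      # malware detected before the update, missed after it
    fixes: list            # malware missed before the update, detected after it
    regression_rate: float # assumption: regressions / number of malware samples

def compare_update(sample_ids, labels, old_pred, new_pred):
    """Compare two detector versions sample by sample on the same test set."""
    if not (len(sample_ids) == len(labels) == len(old_pred) == len(new_pred)):
        raise ValueError("all inputs must have the same length")
    malware = [i for i, y in enumerate(labels) if y == MALWARE]
    if not malware:
        raise ValueError("no malware samples to evaluate")
    regressions = [sample_ids[i] for i in malware
                   if old_pred[i] == MALWARE and new_pred[i] == BENIGN]
    fixes = [sample_ids[i] for i in malware
             if old_pred[i] == BENIGN and new_pred[i] == MALWARE]
    n = len(malware)
    return UpdateReport(
        old_detection_rate=sum(old_pred[i] == MALWARE for i in malware) / n,
        new_detection_rate=sum(new_pred[i] == MALWARE for i in malware) / n,
        regressions=regressions,
        fixes=fixes,
        regression_rate=len(regressions) / n,
    )

# Constructed data: eight malware samples (m1..m8) and two benign ones (b1, b2).
IDS    = ["m1", "m2", "m3", "m4", "m5", "m6", "m7", "m8", "b1", "b2"]
LABELS = [1, 1, 1, 1, 1, 1, 1, 1, 0, 0]
OLD    = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0]   # predictions before the update
NEW    = [1, 1, 0, 1, 1, 0, 1, 1, 0, 0]   # predictions after the update

REPORT = compare_update(IDS, LABELS, OLD, NEW)

if __name__ == "__main__":
    # The aggregate detection rate is unchanged, so a forgetting-style metric
    # reports nothing, yet two previously detected samples now evade detection.
    print(f"detection rate: {REPORT.old_detection_rate:.2f} -> "
          f"{REPORT.new_detection_rate:.2f}")
    print(f"regressions: {REPORT.regressions} (rate {REPORT.regression_rate:.2f})")
    print(f"fixes: {REPORT.fixes}")
```
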