In Android malware detection, continual learning (CL) introduces “security regression”—the re-emergence of previously detected malicious samples as false negatives after model updates—posing severe security risks. Method: This paper formally defines security regression for the first time and proposes a regression-aware continual learning framework. Its core innovation is a model-agnostic Positive Consistency Training (PCT) mechanism, which enforces prediction consistency on historical malicious samples during incremental updates via a regression-aware loss function. Results: Experiments on ELSA, Tesseract, and AZ-Class datasets demonstrate that the method significantly reduces security regression rates while maintaining high detection accuracy and strong evolutionary adaptability, thereby ensuring long-term reliability of malware detection systems.

Malware evolves rapidly, forcing machine learning (ML)-based detectors to adapt continuously. With antivirus vendors processing hundreds of thousands of new samples daily, datasets can grow to billions of examples, making full retraining impractical. Continual learning (CL) has emerged as a scalable alternative, enabling incremental updates without full data access while mitigating catastrophic forgetting. In this work, we analyze a critical yet overlooked issue in this context: security regression. Unlike forgetting, which manifests as a general performance drop on previously seen data, security regression captures harmful prediction changes at the sample level, such as a malware sample that was once correctly detected but evades detection after a model update. Although often overlooked, regressions pose serious risks in security-critical applications, as the silent reintroduction of previously detected threats in the system may undermine users' trust in the whole updating process. To address this issue, we formalize and quantify security regression in CL-based malware detectors and propose a regression-aware penalty to mitigate it. Specifically, we adapt Positive Congruent Training (PCT) to the CL setting, preserving prior predictive behavior in a model-agnostic manner. Experiments on the ELSA, Tesseract, and AZ-Class datasets show that our method effectively reduces regression across different CL scenarios while maintaining strong detection performance over time.