Transfer Learning for Malware Multi-Classification

Document Type


Publication Date


Subject: LCSH

Computer security, Machine learning, Malware (Computer software), Anomaly detection (Computer security), Intrusion detection systems (Computer security), Neural networks (Computer science)


Computer Engineering | Computer Sciences | Electrical and Computer Engineering


In this paper, we build on top of the MalConv neural networks learning architecture which was initially designed for malware/benign classification. We evaluate the transfer learning of MalConv for malware multi-class classification by extending its contribution in several directions: (1) We assess MalConv performance on a multi-classification problem using a new dataset composed of solely malware samples belonging to different malware families, (2) we evaluate MalConv on the raw bytes data as well as on the opcodes extracted from the reversed assembly samples and compare the results, (3) we validate the MalConv findings about regularization, and (4) we study MalConv performance when using a medium size dataset and limited computational resources and GPU. The obtained results show that MalConv performs equally well for multi-classification and its performance on raw byte sequences is comparable to opcodes sequences. DeCov regularization is shown to improve the accuracy results better than other regularization techniques.



Publisher Citation

Mohamad Al Kadri, Mohamed Nassar, and Haidar Safa. 2019. Transfer learning for malware multi-classification. In Proceedings of the 23rd International Database Applications & Engineering Symposium (IDEAS '19). Association for Computing Machinery, New York, NY, USA, Article 19, 1–7.

Check your library