LG, CR, ML | Dec 18, 2018

Deep Transfer Learning for Static Malware Classification

arXiv:1812.07606v1 | 48 citations
Originality: Incremental advance
AI Analysis

This work addresses malware detection for security practitioners, offering an incremental improvement through transfer learning and interpretability.

The authors tackled static malware classification by applying deep transfer learning from computer vision, which accelerated training time while maintaining high performance, outperforming classical methods in accuracy, false positive rate, true positive rate, and F1 score.

We propose to apply deep transfer learning from computer vision to static malware classification. In the transfer learning scheme, we borrow knowledge from natural images or objects and apply it to the target domain of static malware detection. As a result, the training time of deep neural networks is accelerated while high classification performance is still maintained. We demonstrate the effectiveness of our approach in three experiments and show that our proposed method outperforms other classical machine learning methods measured in accuracy, false positive rate, true positive rate and $F_1$ score (in binary classification). We add an interpretation component to the algorithm and provide interpretable explanations to enhance security practitioners' trust in the model. We further discuss a convex combination scheme of transfer learning and training from scratch for enhanced malware detection, and provide insights into the algorithmic interpretation of vision-based malware classification techniques.

Code Implementations: 1 repo