Deep Transfer Learning for Static Malware Classification

TL;DR

This paper introduces a deep transfer learning approach from computer vision to static malware classification, improving training efficiency and accuracy while providing interpretability for security applications.

Contribution

It applies transfer learning from natural images to malware detection, demonstrating improved performance and interpretability over classical methods.

Findings

Outperforms classical machine learning in accuracy and false positive rate

Accelerates training time of deep neural networks

Provides interpretable explanations for malware classification

Abstract

We propose to apply deep transfer learning from computer vision to static malware classification. In the transfer learning scheme, we borrow knowledge from natural images or objects and apply to the target domain of static malware detection. As a result, training time of deep neural networks is accelerated while high classification performance is still maintained. We demonstrate the effectiveness of our approach on three experiments and show that our proposed method outperforms other classical machine learning methods measured in accuracy, false positive rate, true positive rate and $F_1$ score (in binary classification). We instrument an interpretation component to the algorithm and provide interpretable explanations to enhance security practitioners' trust to the model. We further discuss a convex combination scheme of transfer learning and training from scratch for enhanced malware detection, and provide insights of the algorithmic interpretation of vision-based malware classification techniques.