A Novel Active Learning Approach to Label One Million Unknown Malware Variants

TL;DR

This paper introduces two innovative active learning methods, including a Vision Transformer-based Bayesian Neural Network, to efficiently label one million unknown malware variants, demonstrating improved stability and robustness in uncertainty estimation.

Contribution

It presents a novel active learning framework using ViT-BNN for malware classification, advancing uncertainty handling and applicability to large-scale unknown malware datasets.

Findings

ViT-BNN outperforms traditional models in uncertainty estimation.

The proposed methods effectively label large-scale malware datasets.

ViT-BNN demonstrates superior stability and robustness.

Abstract

Active learning for classification seeks to reduce the cost of labeling samples by finding unlabeled examples about which the current model is least certain and sending them to an annotator/expert to label. Bayesian theory can provide a probabilistic view of deep neural network models by asserting a prior distribution over model parameters and estimating the uncertainties by posterior distribution over these parameters. This paper proposes two novel active learning approaches to label one million malware examples belonging to different unknown modern malware families. The first model is Inception-V4+PCA combined with several support vector machine (SVM) algorithms (UTSVM, PSVM, SVM-GSU, TBSVM). The second model is Vision Transformer based Bayesian Neural Networks ViT-BNN. Our proposed ViT-BNN is a state-of-the-art active learning approach that differs from current methods and can apply to any particular task. The experiments demonstrate that the ViT-BNN is more stable and robust in handling uncertainty.