# FlowMalTrans: Unsupervised Binary Code Translation for Malware Detection Using Flow-Adapter Architecture

**Authors:** Minghao Hu, Junzhe Wang, Weisen Zhao, Qiang Zeng, Lannan Luo

arXiv: 2508.20212 · 2025-09-09

## TL;DR

FlowMalTrans introduces an unsupervised approach combining neural machine translation and normalizing flows to enable cross-ISA malware detection, reducing data collection efforts for diverse instruction set architectures.

## Contribution

The paper presents a novel unsupervised method for translating malware across ISAs, allowing effective detection with limited labeled data in each architecture.

## Key findings

- Effective cross-ISA malware detection demonstrated
- Reduces need for labeled malware samples in multiple ISAs
- Leverages translation to improve detection accuracy

## Abstract

Applying deep learning to malware detection has drawn great attention due to its notable performance. With the increasing prevalence of cyberattacks targeting IoT devices, there is a parallel rise in the development of malware across various Instruction Set Architectures (ISAs). It is thus important to extend malware detection capacity to multiple ISAs. However, training a deep learning-based malware detection model usually requires a large number of labeled malware samples. The process of collecting and labeling sufficient malware samples to build datasets for each ISA is labor-intensive and time-consuming. To reduce the burden of data collection, we propose to leverage the ideas of Neural Machine Translation (NMT) and Normalizing Flows (NFs) for malware detection. Specifically, when dealing with malware in a certain ISA, we translate it to an ISA with sufficient malware samples (like X86-64). This allows us to apply a model trained on one ISA to analyze malware from another ISA. Our approach reduces the data collection effort by enabling malware detection across multiple ISAs using a model trained on a single ISA.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/2508.20212/full.md

## Figures

15 figures with captions in the complete paper: https://tomesphere.com/paper/2508.20212/full.md

## References

66 references — full list in the complete paper: https://tomesphere.com/paper/2508.20212/full.md

---
Source: https://tomesphere.com/paper/2508.20212