Unified adversarial learning framework for incremental malware classification
摘要
Malware is evolving so quickly that the traditional methods of detection cannot be used to identify new or unknown threats anymore. Incremental learning offers a promising approach for adapting malware detection models to continuously evolving threats by allowing them to incorporate new knowledge over time. However, this process presents key challenges, particularly the tendency of models to lose performance on previously learned attack patterns when updated with new information. A major concern in this context is adversarial attacks: deliberate manipulations of malware samples designed to mislead the model into making incorrect predictions. The majority of the current methods deal with a single type of adversarial attack or use data replay, storing previous samples to avoid forgetting. Replay-based techniques cause privacy issues and lack scalability, which restricts their practical use. Furthermore, there is no available framework to promote incremental learning among various types of adversarial attacks and be data-independent. In this paper, we propose a single adversarial continual learning model to counterattack Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), and Momentum Iterative Method (MIM) in the absence of previous data. The model starts with the training of a Convolutional Neural Network (CNN) in normalized malware image representations on the Malimg and Malevis datasets. Elastic Weight Consolidation (EWC) has been used to address catastrophic forgetting by storing salient parameters, whereas a Memory-Augmented Neural Network (MANN) stores high-confidence adversarial features rather than raw examples. Moreover, the dynamic ensemble approach adds strength by combining forecasts with different weights based on the confidence rates. The experiments demonstrate that the model achieves an accuracy of 91% under FGSM, 77 % under PGD, 75 % under MIM, and 94 % on clean data. These findings demonstrate how the framework can scale, its resistance to diverse adversarial attacks, and its reliance on the data stored in the past.