cs.CRcs.LG
SEED: Semi-supervised Continual MalwarE Detection for Tackling ConcEpt Drift on a BuDget
May 24, 2026
The paper proposes SEED, a novel semantic-structure-agnostic semi-supervised continual learning method that significantly improves malware detection performance under limited labeling by leveraging representation consistency and uncertainty quantification.
Machine learning based malware detectors become obsolete over time due to concept drift in benign and malware applications. Recent methods rely on fully labeled data and use hierarchical contrastive loss (HCL) with active learning to improve robustness against drift by exploiting semantic structure in malware representations. However, obtaining labeled data in the security domain is difficult. Under partially labeled settings, HCL suffers significant performance degradation in detecting unseen malware, especially on datasets such as BODMAS where strong semantic structure may not exist. In this paper, we propose SEED, a semantic-structure-agnostic method for malware detection under limited supervision. SEED combines a tailored binary cross-entropy objective with semi-supervised continual learning and active learning. For partially labeled seen tasks, unlabeled samples are projected into a representation space constructed from previously seen data using singular value decomposition, and paired with suitable labeled samples to encourage representation consistency. For unseen tasks with fully unlabeled data, uncertainty is quantified using cosine distance in representation space, and the most uncertain samples are selected for analyst labeling. We evaluate SEED on both Windows and Android malware datasets. Using only 20% labeled data on seen tasks, SEED achieves average AUT improvements of 40% on BODMAS and 14% on AndroZoo for unseen malware detection compared to HCL* (the semi-supervised adaptation of HCL), while remaining competitive on APIGraph. Finally, we introduce a delayed buffer update strategy to reduce label noise propagation during replay and improve learning stability.
Label-efficient Training Updates for Malware Detection over Time
The paper proposes a model-agnostic framework to evaluate combining Active Learn…
Automated Malware Family Classification using Weighted Hierarchical Ensembles of Large Language Mode…
The paper proposes a zero-label malware family classification framework that use…
Robust Semi-Supervised Temporal Intrusion Detection for Adversarial Cloud Networks
The paper proposes a robust semi-supervised temporal learning framework for clou…
Can Drift-Adaptive Malware Detectors Be Made Robust? Attacks and Defenses Under White-Box and Black-…
The paper proposes a universal robustification framework to enhance drift-adapti…
Machine Learning Transferability for Malware Detection
This study evaluates various data preprocessing pipelines to improve the transfe…
Explainability-Guided Adversarial Attacks on Transformer-Based Malware Detectors Using Control Flow…
This paper proposes an explainability-guided adversarial attack that successfull…
Deanonymizing Bitcoin Transactions via Network Traffic Analysis with Semi-supervised Learning
The paper proposes NTSSL, a novel semi-supervised method that combines network t…
SEED: A Large-Scale Benchmark for Provenance Tracing in Sequential Deepfake Facial Edits
The paper introduces SEED, a large-scale benchmark dataset for tracing sequentia…