Salvato in:
Dettagli Bibliografici
Autori principali: He, Yiling, Lei, Junchi, She, Hongyu, Shao, Shuo, Zheng, Xinran, Liu, Yiping, Qin, Zhan, Cavallaro, Lorenzo
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2511.11439
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866915949920124928
author He, Yiling
Lei, Junchi
She, Hongyu
Shao, Shuo
Zheng, Xinran
Liu, Yiping
Qin, Zhan
Cavallaro, Lorenzo
author_facet He, Yiling
Lei, Junchi
She, Hongyu
Shao, Shuo
Zheng, Xinran
Liu, Yiping
Qin, Zhan
Cavallaro, Lorenzo
contents Binary security has increasingly relied on deep learning to reason about malware behavior and program semantics. However, the performance often degrades as threat landscapes evolve and code representations shift. While continual learning (CL) offers a natural solution through sequential updates, most existing approaches rely on data replay or unconstrained updates, limiting their applicability and effectiveness in data-sensitive security environments. We propose RETROFIT, which regulates knowledge retention and adaptation with controlled forgetting at each update, without requiring historical data. Our key idea is to consolidate previously trained and newly fine-tuned models, serving as teachers of legacy and emergent knowledge, through retrospective-free parameter merging. Forgetting control is achieved by 1) constraining parameter changes to low-rank and sparse subspaces for approximate orthogonality, and 2) employing a confidence-guided arbitration mechanism to dynamically aggregate knowledge from both teachers. Our evaluation on two representative applications demonstrates that RETROFIT consistently mitigates forgetting while maintaining adaptability. In malware detection under temporal drift, it substantially improves the retention score, from 20.2% to 38.6% over CL baselines, and exceeds the oracle upper bound on new data. In binary summarization across decompilation levels, where analyzing stripped binaries is especially challenging, RETROFIT achieves over 2x the BLEU score of transfer learning used in prior work and surpasses all baselines in cross-representation generalization.
format Preprint
id arxiv_https___arxiv_org_abs_2511_11439
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Retrofit: Continual Learning with Controlled Forgetting for Binary Security Detection and Analysis
He, Yiling
Lei, Junchi
She, Hongyu
Shao, Shuo
Zheng, Xinran
Liu, Yiping
Qin, Zhan
Cavallaro, Lorenzo
Machine Learning
Artificial Intelligence
Binary security has increasingly relied on deep learning to reason about malware behavior and program semantics. However, the performance often degrades as threat landscapes evolve and code representations shift. While continual learning (CL) offers a natural solution through sequential updates, most existing approaches rely on data replay or unconstrained updates, limiting their applicability and effectiveness in data-sensitive security environments. We propose RETROFIT, which regulates knowledge retention and adaptation with controlled forgetting at each update, without requiring historical data. Our key idea is to consolidate previously trained and newly fine-tuned models, serving as teachers of legacy and emergent knowledge, through retrospective-free parameter merging. Forgetting control is achieved by 1) constraining parameter changes to low-rank and sparse subspaces for approximate orthogonality, and 2) employing a confidence-guided arbitration mechanism to dynamically aggregate knowledge from both teachers. Our evaluation on two representative applications demonstrates that RETROFIT consistently mitigates forgetting while maintaining adaptability. In malware detection under temporal drift, it substantially improves the retention score, from 20.2% to 38.6% over CL baselines, and exceeds the oracle upper bound on new data. In binary summarization across decompilation levels, where analyzing stripped binaries is especially challenging, RETROFIT achieves over 2x the BLEU score of transfer learning used in prior work and surpasses all baselines in cross-representation generalization.
title Retrofit: Continual Learning with Controlled Forgetting for Binary Security Detection and Analysis
topic Machine Learning
Artificial Intelligence
url https://arxiv.org/abs/2511.11439