Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Asadi, Zahra, Jeon, Haeseung, Han, Sohyun, Kamol, Md Mahmuduzzaman, Oh, Se Eun, Rahman, Mohammad Saidur
Format: Preprint
Veröffentlicht: 2026
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2605.09664
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866914564087480320
author Asadi, Zahra
Jeon, Haeseung
Han, Sohyun
Kamol, Md Mahmuduzzaman
Oh, Se Eun
Rahman, Mohammad Saidur
author_facet Asadi, Zahra
Jeon, Haeseung
Han, Sohyun
Kamol, Md Mahmuduzzaman
Oh, Se Eun
Rahman, Mohammad Saidur
contents As over 200 million new malware samples are identified each year, antivirus systems must continuously adapt to the evolving threat landscape. However, retraining solely on new samples leads to catastrophic forgetting and exploitable blind spots, while retraining on the entire dataset incurs substantial computational cost. We propose FreeMOCA, a memory- and compute-efficient continual learning framework for malicious code analysis that preserves prior knowledge via adaptive layer-wise interpolation between consecutive task updates, leveraging the fact that warm-started task optima are connected by low-loss paths in parameter space. We evaluate FreeMOCA in both class-incremental (Class-IL) and domain-incremental (Domain-IL) settings on large-scale Windows (EMBER) and Android (AZ) malware benchmarks. FreeMOCA achieves substantial gains in Class-IL, outperforming 11 baselines on both EMBER and AZ benchmarks. It also significantly reduces forgetting, achieving the best retention across baselines, and improving accuracy by up to 42% and 37% on EMBER and AZ, respectively. These results demonstrate that warm-started interpolation in parameter space provides a scalable and effective alternative to replay for continual malware detection. Code is available at: https://github.com/IQSeC-Lab/FreeMOCA.
format Preprint
id arxiv_https___arxiv_org_abs_2605_09664
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle FreeMOCA: Memory-Free Continual Learning for Malicious Code Analysis
Asadi, Zahra
Jeon, Haeseung
Han, Sohyun
Kamol, Md Mahmuduzzaman
Oh, Se Eun
Rahman, Mohammad Saidur
Cryptography and Security
Machine Learning
As over 200 million new malware samples are identified each year, antivirus systems must continuously adapt to the evolving threat landscape. However, retraining solely on new samples leads to catastrophic forgetting and exploitable blind spots, while retraining on the entire dataset incurs substantial computational cost. We propose FreeMOCA, a memory- and compute-efficient continual learning framework for malicious code analysis that preserves prior knowledge via adaptive layer-wise interpolation between consecutive task updates, leveraging the fact that warm-started task optima are connected by low-loss paths in parameter space. We evaluate FreeMOCA in both class-incremental (Class-IL) and domain-incremental (Domain-IL) settings on large-scale Windows (EMBER) and Android (AZ) malware benchmarks. FreeMOCA achieves substantial gains in Class-IL, outperforming 11 baselines on both EMBER and AZ benchmarks. It also significantly reduces forgetting, achieving the best retention across baselines, and improving accuracy by up to 42% and 37% on EMBER and AZ, respectively. These results demonstrate that warm-started interpolation in parameter space provides a scalable and effective alternative to replay for continual malware detection. Code is available at: https://github.com/IQSeC-Lab/FreeMOCA.
title FreeMOCA: Memory-Free Continual Learning for Malicious Code Analysis
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2605.09664