TrustBoot: A Trust Bootstrapping Framework for Semi-Supervised Malware Detection

Abstract

Today, malware detection represents one of the most critical cybersecurity challenges due to the rapid evolution of threats. One of the most promising approach is the adoption of machine learning (ML) detection methods, nevertheless, their design is not trivial due to the scarcity of up-to-date labeled data. In order to keep up with emerging malware variants, ML-based detection systems must be frequently updated and retrained using recent samples. However, the manual process of feature engineering and expert labeling and analysis is time-consuming and costly, making it impractical for frequent updates. This work presents TrustBoot, a semi-supervised framework for detecting malicious software, that exploits the exact knowledge only about a small set of trusted applications, and is capable of processing a larger set of unlabeling applications. To achieve this goal, TrustBoot adopts a visual encoding of binary executable, that eases the detection of anomalies, which are related to the p resence of malware. Experiments on large Android malware datasets demonstrate that the proposed pipeline achieves competitive detection performance, matching or exceeding fully supervised approaches while substantially reducing the need for manual intervention for the dataset curation and overcoming the reliance on labeled malicious data.