Abstract: The rapid increase in malware prevalence poses a substantial security threat to Internet of Things (IoT) devices. Classifying IoT malware has emerged as a crucial area, essential for identifying attack patterns and developing effective defense strategies. Many methods for classifying malware utilize supervised learning. However, supervised learning in malware classification requires a considerable amount of labeled samples, which poses challenges and costs in acquiring and labeling malware samples. Furthermore, some malware classification models struggle to fully extract features. This article proposes a self-supervised contrastive learning framework. Initially, the malware is converted to greyscale. The encoder is then pre-trained by self-supervised contrastive learning. The encoder with the new structure is able to extract features more comprehensively, while the projection header with attention is enabled to project features into the low-dimensional space more efficiently. Finally, the pre-trained encoder and classifier are fine-tuned to form a classification model using labeled samples. Experiments have shown that the proposed method has better accuracy regardless of the number of labeled samples. Experiments conducted using the publicly benchmarked datasets, Malware Image (Malimg) and the Microsoft Malware Classification Challenge (BIG2015), demonstrate that our framework outperforms state-of-the-art deep learning models and traditional methods in terms of accuracy, with achieved rates of 99.46% and 99.22%, respectively. Using only 5% of the labels from BIG2015, the proposed framework produces an impressive accuracy of 94.76%. Furthermore, it also outperforms baseline methods in identifying evolving malware, as indicated by its accuracy of 79% in a benchmarked dataset for trustworthy malware family classification (BenchMFC-G1P1P2).
External IDs: doi:10.1016/j.engappai.2025.110299