Hugging Face's logo

jackwilkie
/
ResNet1D_152_MalNet_Signal_Type

Model card Files
xet
Community

ResNet1D-152 for type-level classification on MalNet Signal

Pretrained ResNet1D-152 for classing malware signals as described by this paper.

The full code bases, including training and evaluation proceedure, is available here.

Malware Signals

Malware signals are 1D representations of the bytecode of an executable which act as an alternative to byteplot images as input to machine learning models. These signals can be statically extracted from various formated (e.g. EXE, APK), and used to train a 1D CNN for malware classification. By using a 1D representation of the binaries, more information from the original binary is preserved and the addition of spurious spatial correlation is avoided, resulting in improved downstream model performance. A comparison of malware signals with byteplot images is shown below:

Model Details

The model is a ResNet152 model with a deep stem and squeeze-and-excitation layers which has been adapted to operate on 1D signals by replacing the 2D convolutions with 1D convolutions, and squaring the kernel sizes and stride values.

Results

ResNet1DV2-152D-SE outperforms all existing 2D models on MalNet binary, type, and family level classification:

Model Binary Type Family
F1 Score Precision Recall F1 Score Precision Recall F1 Score Precision Recall
ResNet1DV2-152D-SE .874 .907 .846 .503 .643 .453 .507 .580 .480
SHERLOCK .854 .920 .810 .497 .628 .447 .491 .568 .461
ResNet18 .862 .893 .837 .467 .556 .424 .454 .538 .423
ResNet50 .854 .907 .814 .479 .566 .441 .468 .541 .443
DenseNet121 .864 .900 .834 .471 .558 .428 .461 .529 .438
Densenet169 .864 .890 .841 .477 .573 .433 .462 .545 .434
MobileNetV2(x.5) .857 .894 .827 .460 .547 .424 .451 .528 .423
MobileNetV2(x1) .854 .889 .825 .452 .527 .419 .438 .532 .405

Citation

BibTeX:

@misc{wilkie2025signalbasedmalwareclassificationusing,
    title={Signal-Based Malware Classification Using 1D CNNs}, 
    author={Jack Wilkie and Hanan Hindy and Ivan Andonovic and Christos Tachtatzis and Robert Atkinson},
    year={2025},
    eprint={2509.06548},
    archivePrefix={arXiv},
    primaryClass={cs.CR},
    url={https://arxiv.org/abs/2509.06548}, 
}

APA:

Wilkie, J., Hindy, H., Andonovic, I., Tachtatzis, C., & Atkinson, R. (2025). Signal-Based Malware Classification Using 1D CNNs. arXiv [Cs.CR]. Retrieved from http://arxiv.org/abs/2509.06548
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Dataset used to train jackwilkie/ResNet1D_152_MalNet_Signal_Type