Welcome to the TIML project. This repository contains the codebase and necessary information to replicate the experiments in our paper on Temporal-Incremental Malware Learning.
-
Install Required Packages: Use the provided
environment.yaml
file to create a new Conda environment and install the required packages.conda env create --file environment.yaml
-
Activate the TIML Environment: Switch to the newly created environment using the following command:
conda activate TIML
-
Download MalNet Data: Obtain MalNet images and labels from the MalNet Website.
-
Download APKs Using Malware Hash: Utilize the malware hash corresponding to each image in the MalNet dataset to download the original APK from AndroZoo.
-
Generate MalScan Features: Use the MalScan Tool to process the APKs and extract MalScan features.
-
Generate Dataset Statistics: Execute the
chronological_statistics.py
script to compute essential statistics of the dataset.python chronological_statistics.py
-
Restructure the Dataset: Run the
data_preprocess
script to organize the dataset according to the TIML paradigm.python data_preprocess.py
-
Set Experiment Configuration: Modify the configuration files within the
exp_settings
folder to suit each approach you intend to test. -
Train and Evaluate the Model: Execute experiments based on the selected configurations. Examples are provided below:
- For MalNet image:
python main.py --exp_setting exp_settings/full_malnet_data/upper_bound.yaml
- For MalScan features:
python main_malscan.py --exp_setting exp_settings/full_malscan_data/lwf_w_exemplar_malscan.yaml
- For MalNet image: