Table of Contents
Fetching ...

Memory-Based Malware Detection under Limited Data Conditions: A Comparative Evaluation of TabPFN and Ensemble Models

Valentin Leroy, Shuvalaxmi Dass, Sharif Ullah

TL;DR

This paper addresses malware detection under data scarcity by evaluating TabPFN, a learning-free tabular transformer, against Random Forest, LightGBM, and XGBoost on the CIC-MalMem-2022 dataset across 3-, 10-, and 15-class configurations. It demonstrates that TabPFN achieves 2–6% higher accuracy than baselines in low-data regimes, albeit with higher computational time, especially for larger class counts. The work highlights TabPFN’s potential for data-scarce cybersecurity workflows while acknowledging practical trade-offs in processing time. The authors suggest future extensions, including AutoTabPFN, to improve scalability to large multiclass tasks.

Abstract

Artificial intelligence and machine learning have significantly advanced malware research by enabling automated threat detection and behavior analysis. However, the availability of exploitable data is limited, due to the absence of large datasets with real-world data. Despite the progress of AI in cybersecurity, malware analysis still suffers from this data scarcity, which limits model generalization. In order to tackle this difficulty, this workinvestigates TabPFN, a learning-free model designed for low-data regimes. We evaluate its performance against established baselines such as Random Forest, LightGBM and XGBoost, across multiple class configurations. Our experimental results indicate that TabPFN surpasses all other models in low-data regimes, with a 2% to 6% improvement observed across multiple performance metrics. However, this increase in performance has an impact on its computation time in a particular case. These findings highlight both the promise and the practical limitations of integrating TabPFN into cybersecurity workflows.

Memory-Based Malware Detection under Limited Data Conditions: A Comparative Evaluation of TabPFN and Ensemble Models

TL;DR

This paper addresses malware detection under data scarcity by evaluating TabPFN, a learning-free tabular transformer, against Random Forest, LightGBM, and XGBoost on the CIC-MalMem-2022 dataset across 3-, 10-, and 15-class configurations. It demonstrates that TabPFN achieves 2–6% higher accuracy than baselines in low-data regimes, albeit with higher computational time, especially for larger class counts. The work highlights TabPFN’s potential for data-scarce cybersecurity workflows while acknowledging practical trade-offs in processing time. The authors suggest future extensions, including AutoTabPFN, to improve scalability to large multiclass tasks.

Abstract

Artificial intelligence and machine learning have significantly advanced malware research by enabling automated threat detection and behavior analysis. However, the availability of exploitable data is limited, due to the absence of large datasets with real-world data. Despite the progress of AI in cybersecurity, malware analysis still suffers from this data scarcity, which limits model generalization. In order to tackle this difficulty, this workinvestigates TabPFN, a learning-free model designed for low-data regimes. We evaluate its performance against established baselines such as Random Forest, LightGBM and XGBoost, across multiple class configurations. Our experimental results indicate that TabPFN surpasses all other models in low-data regimes, with a 2% to 6% improvement observed across multiple performance metrics. However, this increase in performance has an impact on its computation time in a particular case. These findings highlight both the promise and the practical limitations of integrating TabPFN into cybersecurity workflows.
Paper Structure (18 sections, 4 equations, 1 figure, 6 tables)