Quick Start Guide

Get your malware classification model up and running in just a few minutes.

Prerequisites

1. Python Environment

Ensure you have Python 3.10 or higher installed:
python --version  # Should show 3.10+

2. Dataset Preparation

Organize your malware images in the following structure:
dataset/malware/
├── class1/
│   ├── image1.png
│   ├── image2.png
│   └── ...
├── class2/
│   └── ...
└── class3/
    └── ...
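
A pre-flight check for the layout above, as an added example that is not part of the app or its code: it scans the class folders, drops byte-identical images and reports any hash filed under more than one class (such copies would otherwise carry conflicting labels or land in both training and test data), then previews a per-class split at the 70/15/15 default mentioned later in this guide. The function names, the accepted extensions and the sample files are assumptions made for the example.

```python
import hashlib
import random
import tempfile
from pathlib import Path

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".bmp"}  # assumption: extensions treated as images

def scan(root):
    """Map each class folder under root to its sorted image files."""
    root = Path(root)
    if not root.is_dir():
        raise FileNotFoundError(f"{root} is missing; check the working directory")
    return {d.name: sorted(f for f in d.iterdir() if f.suffix.lower() in IMAGE_EXTS)
            for d in sorted(root.iterdir()) if d.is_dir()}

def dedupe(classes):
    """Keep the first copy of each byte-identical file; list label sets sharing a hash."""
    owners, kept = {}, {}
    for label, files in classes.items():
        for f in files:
            digest = hashlib.sha256(f.read_bytes()).hexdigest()
            if digest not in owners:
                kept.setdefault(label, []).append(f)
            owners.setdefault(digest, set()).add(label)
    return kept, sorted({tuple(sorted(v)) for v in owners.values() if len(v) > 1})

def stratified_split(classes, ratios=(0.70, 0.15, 0.15), seed=0):
    """Split every class separately so each family keeps the same train/val/test ratio."""
    rng, out = random.Random(seed), {"train": [], "val": [], "test": []}
    for label, files in classes.items():
        files = rng.sample(files, len(files))  # shuffled copy, reproducible via seed
        a = round(len(files) * ratios[0])
        b = a + round(len(files) * ratios[1])
        for name, part in (("train", files[:a]), ("val", files[a:b]), ("test", files[b:])):
            out[name] += [(label, f) for f in part]
    return out

def build_sample(root):
    """Constructed data: 40 'Agent' and 20 'Allaple' files plus one cross-class copy."""
    for label, n in (("Agent", 40), ("Allaple", 20)):
        (Path(root) / label).mkdir(parents=True)
        for i in range(n):
            (Path(root) / label / f"image{i}.png").write_bytes(f"{label}-{i}".encode())
    (Path(root) / "Allaple" / "copy.png").write_bytes(b"Agent-0")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        clean, conflicts = dedupe(scan(tmp))
        print(conflicts, {k: len(v) for k, v in stratified_split(clean).items()})
```

To check a real dataset, call scan("dataset/malware") from the folder that contains it and review the reported conflicts before opening the Dataset page.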

Installation

Launch the Dashboard

1. Navigate to App Directory

cd app

2. Run Streamlit

streamlit run main.py
The dashboard will automatically open in your browser at http://localhost:8501
The app will automatically detect your hardware:
  • CUDA GPU for NVIDIA graphics cards
  • MPS for Apple Silicon (M1/M2/M3)
  • CPU fallback if no GPU is available

Your First Model

Follow this workflow to train your first malware classifier:
1. Create New Session

Click “New Session” in the header to start with a clean state.
Sessions are automatically saved and can be resumed later from the “Past Sessions” dropdown.

2. Configure Dataset

Navigate to 📊 Dataset page and complete these tabs:
Tab 1: Selection
  • The app automatically scans dataset/malware/ for class folders
  • Set train/validation/test splits (default: 70/15/15)
  • View class distribution chart
Tab 2: Preprocessing
  • Target size: 224x224 (recommended for transfer learning)
  • Normalization: [0,1] or ImageNet
  • Color mode: Grayscale (typical for malware images)
Tab 3: Augmentation
  • Select a preset: Light, Moderate, or Heavy
  • Or configure custom augmentation parameters
Tab 4: Preview
  • View random sample images with preprocessing applied

3. Build Model

Navigate to 🧠 Model page and choose an architecture:

4. Configure Training

Navigate to ⚙️ Training page:
Quick Start Settings:
Optimizer: Adam
Learning Rate: 0.001
Batch Size: 32
Max Epochs: 50
LR Scheduler: ReduceLROnPlateau
Early Stopping: 10 epochs patience
Class Imbalance: Auto Class Weights
The sidebar shows configuration status:
  • ✅ Dataset configured
  • ✅ Model configured
  • ✅ Training configured

5. Start Training

Navigate to 📈 Monitor page:
  1. Review your configuration summary
  2. Click “Start Training”
  3. Watch real-time metrics:
    • Training & validation loss/accuracy
    • Current learning rate
    • Batch progress
    • Time per epoch
Training controls:
  • Pause/Resume: Temporarily halt training
  • Stop: End training early
  • Auto-checkpointing: Best model saved automatically

6. Evaluate Results

Navigate to 🎯 Results page:
Available Visualizations:
  • Learning curves (loss & accuracy over time)
  • Confusion matrix with per-class accuracy
  • Per-class metrics (precision, recall, F1-score)
  • ROC curves for each class
  • Training summary statistics
Export options:
  • Download confusion matrix
  • Save metrics to CSV
  • Export model checkpoint

7. Interpret Model (Optional)

Navigate to 🔍 Interpretability page:
Visualization Tools:
Visualize what regions the model focuses on:
  • Select an image from test set
  • View heatmap overlay showing attention
  • Compare true vs predicted labels
Analyze prediction errors:
  • Grid view of misclassified images
  • Confidence scores
  • Confusion pairs (which classes get confused)
Explore learned feature space:
  • 2D projection of final layer embeddings
  • Color-coded by true/predicted class
  • Identify clustering patterns

Example Training Session

Here’s what a typical training session looks like:
# Session: malware_classifier_2024_03_04
# Created: 2024-03-04 10:30:15

# Dataset Configuration
Classes: 9 (Adialer, Agent, Allaple, ...)
Total Images: 8,642
Train: 6,049 (70%) | Val: 1,296 (15%) | Test: 1,297 (15%)
Augmentation: Moderate

# Model Configuration  
Architecture: ResNet50 (Transfer Learning)
Strategy: Fine Tuning (10 layers)
Parameters: 23.5M total, 8.2M trainable

# Training Configuration
Optimizer: Adam (lr=0.001)
Batch Size: 32
Early Stopping: 10 epochs
Device: CUDA (NVIDIA RTX 3080)

# Training Results (15 epochs)
Best Validation Accuracy: 94.8% (epoch 12)
Test Accuracy: 93.7%
F1-Score (Macro): 0.932
Training Time: 18m 42s

Common Workflows

Quick Experiment

Goal: Test if transfer learning works for your dataset
  1. Use default dataset splits
  2. Pick ResNet50 with Feature Extraction
  3. Train for 10 epochs
  4. Check validation accuracy
Time: ~5-10 minutes

Hyperparameter Tuning

Goal: Optimize learning rate and batch size
  1. Create baseline session
  2. Clone session for each experiment
  3. Vary one parameter at a time:
    • LR: [0.0001, 0.001, 0.01]
    • Batch: [16, 32, 64]
  4. Compare results on Results page
Time: 1-2 hours

Architecture Search

Goal: Find best custom CNN architecture
  1. Start with simple baseline (2 conv blocks)
  2. Gradually increase depth
  3. Try different filter sizes
  4. Add regularization (dropout, batch norm)
Time: Several hours

Production Model

Goal: Train best possible model
  1. Use heavy data augmentation
  2. Fine-tune large model (ResNet101)
  3. Train until convergence (50+ epochs)
  4. Analyze misclassifications
  5. Iterate on augmentation/architecture
Time: Several hours to days

Troubleshooting

Solutions:
  • Reduce batch size (try 16 or 8)
  • Use smaller model (try EfficientNetB0 instead of ResNet101)
  • Reduce image size (192x192 instead of 224x224)
  • Close other GPU applications
  • Enable gradient checkpointing (for very large models)
Check:
  • Device being used (should be GPU, not CPU)
  • View device info in header: “Device: CUDA” or “Device: MPS”
  • If showing “Device: CPU”, check GPU drivers
Tips:
  • Increase batch size if memory allows
  • Use mixed precision training (FP16)
  • Ensure data augmentation isn’t too heavy
Possible causes:
  • Learning rate too high or too low
  • Model too deep/complex for dataset size
  • Data not normalized properly
  • Class imbalance not handled
Solutions:
  • Try learning rate: 0.0001 → 0.001 → 0.01
  • Enable Auto Class Weights
  • Check preprocessing (normalize to [0,1] or ImageNet stats)
  • Start with simpler model
Required structure:
app/dataset/malware/
├── class1/
├── class2/
└── class3/
The dataset/malware/ directory must exist relative to the app/ folder where you run Streamlit.

Next Steps

Full Installation Guide

Detailed setup including GPU drivers and optional dependencies

Architecture Guide

Deep dive into model architectures and design patterns

Training Best Practices

Advanced techniques for better model performance

API Reference

Documentation for core modules and functions
Need help? Check the tooltips throughout the app (hover over ⓘ icons) for context-specific guidance.
