Improving Generalization on Cybersecurity Tasks with Multi-Modal Contrastive Learning
Abstract
The use of ML in cybersecurity has long been impaired by generalization issues: Models that work well in controlled scenarios fail to maintain performance in production. The root cause often lies in ML algorithms learning superficial patterns (shortcuts) rather than underlying cybersecurity concepts. We investigate contrastive multi-modal learning as a first step towards improving ML performance in cybersecurity tasks. We aim at transferring knowledge from data-rich modalities, such as text, to data-scarce modalities, such as payloads. We set up a case study on threat classification and propose a two-stage multi-modal contrastive learning framework that uses textual vulnerability descriptions to guide payload classification. First, we construct a semantically meaningful embedding space using contrastive learning on descriptions. Then, we align payloads to this space, transferring knowledge from text to payloads. We evaluate the approach on a large-scale private dataset and a synthetic benchmark built from public CVE descriptions and LLM-generated payloads. The methodology appears to reduce shortcut learning over baselines on both benchmarks. We release our synthetic benchmark and source code as open source.
Cite
@article{arxiv.2603.20181,
title = {Improving Generalization on Cybersecurity Tasks with Multi-Modal Contrastive Learning},
author = {Jianan Huang and Rodolfo V. Valentim and Luca Vassio and Matteo Boffa and Marco Mellia and Idilio Drago and Dario Rossi},
journal= {arXiv preprint arXiv:2603.20181},
year = {2026}
}
Comments
Submitted to Euro S&P - 5th International Workshop on Designing and Measuring Security in Systems with AI