Designing a Malware Classification Pipeline with Static and Dynamic Features

Building a malware classification pipeline that holds up in production is a design problem more than a coding problem. The features you choose, the way you collect and label samples, the careful separation of test and training data, and the evaluation routines all shape whether the system delivers value or quietly fails. This course walks through those decisions in the order they typically arise. You will work through written design exercises that mirror how a small security or research team would plan a classification pipeline. The emphasis is on the practical tradeoffs that decide whether a system is useful in operations. What you'll learn: - Plan sample collection strategies that include benign and malicious examples across families and ages - Design labeling routines that produce trustworthy ground truth without circular reasoning - Extract static features such as imports, strings, and structural metadata in a robust way - Capture dynamic behavior including API call sequences, network activity, and file operations in safe sandboxes - Compare modeling approaches including classical methods, gradient boosting, and modern deep learning - Evaluate performance with operationally meaningful metrics including false positive rate and detection lag The course progresses from sample collection and labeling through feature extraction, modeling, and evaluation. A capstone written exercise asks you to draft a one-page design for a classification pipeline targeted at a specific threat scenario. This course is designed for beginners with some software or security background, including junior security analysts, threat researchers, and computer science students. No deep malware experience is required. The course treats the pipeline as a design problem and is informational, not a guide for handling live samples without proper controls.