Systems and methods may be used to classify incoming testing data, such as binaries, function calls, an application package, or the like, to determine whether the testing data is contaminated using an adversarial attack or benign while training a machine learning system to detect malware. A method may include using a sparse coding technique or a semi-supervised learning technique to classify the testing data. Training data may be used to represent the testing data using the sparse coding technique or to train the supervised portion of the semi-supervised learning technique.