Retrofit: Continual Learning with Bounded Forgetting for Security Applications

📅 2025-11-14
🤖 AI Summary
Catastrophic forgetting, heavy reliance on historical data, and unstable knowledge transfer severely hinder continual learning in security-critical domains. Method: This paper proposes a data-free parameter merging framework that innovatively integrates low-rank adaptive updates, sparse parameter fine-tuning, and a confidence-driven dynamic knowledge arbitration mechanism—achieving bounded forgetting control via teacher-model parameter fusion. Contribution/Results: It is the first approach to enable stable knowledge transfer in security-sensitive scenarios without accessing old samples. Experiments demonstrate: (i) in malware detection, forgetting rate decreases by over 80%, and retained accuracy improves from 20.2% to 38.6%, surpassing the ideal upper bound; (ii) in cross-decompiler-level binary summarization, BLEU score reaches twice that of current state-of-the-art methods.

📝 Abstract
Modern security analytics are increasingly powered by deep learning models, but their performance often degrades as threat landscapes evolve and data representations shift. While continual learning (CL) offers a promising paradigm to maintain model effectiveness, many approaches rely on full retraining or data replay, which are infeasible in data-sensitive environments. Moreover, existing methods remain inadequate for security-critical scenarios, facing two coupled challenges in knowledge transfer: preserving prior knowledge without old data and integrating new knowledge with minimal interference. We propose RETROFIT, a data retrospective-free continual learning method that achieves bounded forgetting for effective knowledge transfer. Our key idea is to consolidate previously trained and newly fine-tuned models, serving as teachers of old and new knowledge, through parameter-level merging that eliminates the need for historical data. To mitigate interference, we apply low-rank and sparse updates that confine parameter changes to independent subspaces, while a knowledge arbitration dynamically balances the teacher contributions guided by model confidence. Our evaluation on two representative applications demonstrates that RETROFIT consistently mitigates forgetting while maintaining adaptability. In malware detection under temporal drift, it substantially improves the retention score, from 20.2% to 38.6% over CL baselines, and exceeds the oracle upper bound on new data. In binary summarization across decompilation levels, where analyzing stripped binaries is especially challenging, RETROFIT achieves around twice the BLEU score of transfer learning used in prior work and surpasses all baselines in cross-representation generalization.

Problem

Research questions and friction points this paper is trying to address.

Address performance degradation in security models due to evolving threats
Enable continual learning without historical data replay in sensitive environments
Mitigate knowledge interference when integrating new threat intelligence

Innovation

Methods, ideas, or system contributions that make the work stand out.

Parameter-level merging without historical data
Low-rank and sparse updates for minimal interference
Knowledge arbitration balancing teacher model contributions