A Hybrid Approach for Malware Classification Using Secondary Features Fusion

The number of malware either variant or novel is rapidly increasing, making malware detection and mitigation a complex problem. One approach to improving malware mitigation is automatic detection and malware family classification. However, traditional malware detection methods cannot classify...

SEED: Semi-Supervised Continual MalwarE Detection for Tackling ConcEpt Drift on a BuDget

Machine learning based malware detectors become obsolete over time due to concept drift in benign and malware applications. Recent methods rely on fully labeled data and use hierarchical contrastive loss HCL with active learning to improve robustness against drift by exploiting semantic structure...

MalwarePT: A Binary-Level Foundation Model for Malware Analysis

Automated malware analysis increasingly relies on machine learning, yet most existing methods remain task-specific and depend on handcrafted features or narrowly scoped models. Recent developments in binary-level foundation models suggest a path toward reusable program representations, but their...

Quantifiable Uncertainty: A Stochastic Consensus Multi-Agent RAG Framework for Robust Malware Detection

While contemporary deep learning malware detectors define a dominant defense paradigm, their sophistication also exposes them to novel structural evasion attacks, a limitation we attribute to their inherent inability to express epistemic uncertainty. To address this challenge, we present MAGMA, a...

Trident: Improving Malware Detection with LLMs and Behavioral Features

Traditionally, machine learning methods for PE malware detection have relied on static features like byte histograms, string information, and PE header contents. One barrier to incorporating dynamic analysis features has been the semi-structured nature of sandbox behavior reports. We show that,...

info-security-portfolio

Information Security Portfolio A curated collection of nine e...

AsmRAG: LLM-Driven Malware Detection by Retrieving Functionally Similar Assembly Code

Deep learning malware detectors achieve high classification accuracy but suffer from severe interpretability limitations, typically returning probabilistic verdicts that lack forensic context. We introduce AsmRAG, a framework performing malware analysis through Assembly-Level Retrieval-Augmented...

Adversarial Co-Evolution of Malware and Detection Models: A Bilevel Optimization Perspective

Machine learning-based malware detectors are increasingly vulnerable to adversarial examples. Traditional defenses, such as one-shot adversarial training, often fail against adaptive attackers who use reinforcement learning to bypass detection. This paper proposes a robust defense framework based...

Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks

Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...

Half-Moon Cookie: Private, Similarity-Based Blocklisting with TOCTOU-Attack Resilience

Blocklisting is a common technique for preventing the use of known malicious content. However, conventional blocklisting infrastructures require either the blocklist to be public or clients to reveal their queries to the blocklist server. In this work, we introduce a private blocklisting framewor...

Malware and Ransomware Detection in M365

Availability Requirement Threat Detection is available to Veeam Data Cloud for Microsoft 365 customers with Premium or Advanced plans. Customers must opt in to AI settings to enable this feature. Contact your Veeam account team or see your plan details to confirm availability. Supported Workloads...

Label-Efficient Training Updates for Malware Detection over Time

Machine Learning ML-based detectors are becoming essential to counter the proliferation of malware. However, common ML algorithms are not designed to cope with the dynamic nature of real-world settings, where both legitimate and malicious software evolve. This distribution drift causes models...

MAL-2026-1834 Malicious code in rce-pkg-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2e2ccfc70214b187f4ea10c848cbc319a6c508e555a0fc4eb820f3e4670c4b2 The package rce-pkg-2 was found to contain malicious code...

Routing-Aware Explanations for Mixture of Experts Graph Models in Malware Detection

Mixture-of-Experts MoE offers flexible graph reasoning by combining multiple views of a graph through a learned router. We investigate routing-aware explanations for MoE graph models in malware detection using control flow graphs CFGs. Our architecture builds diversity at two levels. At the node...

A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection

Cryptographic digests e.g., MD5, SHA-256 are designed to provide exact identity. Any single-bit change in the input produces a completely different hash, which is ideal for integrity verification but limits their usefulness in many real-world tasks like threat hunting, malware analysis and digita...

MalTool: Malicious Tool Attacks on LLM Agents

In a malicious tool attack, an attacker uploads a malicious tool to a distribution platform; once a user installs the tool and the LLM agent selects it during task execution, the tool can compromise the user's security and privacy. Prior work primarily focuses on manipulating tool names and...

SecureScan: An AI-Driven Multi-Layer Framework for Malware and Phishing Detection Using Logistic Regression and Threat Intelligence Integration

The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification,...

LLM-FS: Zero-Shot Feature Selection for Effective and Interpretable Malware Detection

Feature selection FS remains essential for building accurate and interpretable detection models, particularly in high-dimensional malware datasets. Conventional FS methods such as Extra Trees, Variance Threshold, Tree-based models, Chi-Squared tests, ANOVA, Random Selection, and Sequential...

Empirical Evaluation of SMOTE in Android Malware Detection with Machine Learning: Challenges and Performance in CICMalDroid 2020

Malware, malicious software designed to damage computer systems and perpetrate scams, is proliferating at an alarming rate, with thousands of new threats emerging daily. Android devices, prevalent in smartphones, smartwatches, tablets, and IoTs, represent a vast attack surface, making malware...

Evasion of IoT Malware Detection Via Dummy Code Injection

The Internet of Things IoT has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has...