This paper proposes a hybrid feature fusion and voting-based approach for automated malware detection and classification into specific malware families, achieving high performance metrics like an AUC…

The paper introduces Trident, a novel malware detection system that combines static features, LLM-derived behavioral rules, and direct LLM analysis to achieve superior robustness against concept drift…

The paper constructs a large, adversarial malware dataset from real-world binaries, demonstrating high evasion rates and showing that even small amounts of poisoned data can severely compromise malwar…

This paper introduces a novel malware detection system for macOS by utilizing domain-specific static features, achieving state-of-the-art performance and demonstrating strong generalization capabiliti…

The paper introduces McNdroid, a large longitudinal multimodal benchmark for Android malware, demonstrating that temporal drift significantly degrades detection performance, which is best mitigated by…

The paper proposes a framework to intentionally evade malware detectors by adding a small number of benign API imports, successfully demonstrating targeted misclassification into a chosen benign categ…

MalwarePT introduces a novel binary-level foundation model, pretrained on Windows PE code-section bytes using a ModernBERT-style encoder, demonstrating superior transfer learning capabilities across v…

The paper proposes a universal robustification framework to enhance drift-adaptive malware detectors against combined concept drift and adversarial attacks, significantly reducing attack success rates…

The paper demonstrates that static malware classifiers often rely on superficial artifacts like packing and metadata rather than true malicious semantics, using the TRUSTEE interpretability tool to di…

SeqShield proposes a behavior-based rootkit detection system for Windows by analyzing API call sequences using n-gram features, achieving high detection accuracy even against mutated malware variants.

This paper quantifies the polymorphic capacity of a commercial LLM, demonstrating that it can cheaply generate large populations of structurally diverse, yet behaviorally equivalent, offensive code pa…

The paper proposes a model-agnostic framework to evaluate combining Active Learning (AL) and Semi-Supervised Learning (SSL) techniques for malware detection, demonstrating that these combined methods…

The paper proposes a zero-label malware family classification framework that uses a weighted hierarchical ensemble of large language models (LLMs) to classify malware without requiring labeled trainin…

This paper addresses the lack of research on adversarial malware generation for Linux ELF binaries by developing a new semantic-preserving generator that achieves a high evasion rate against modern de…

ML Defender (aRGus NDR) is an open-source, embedded Machine Learning Network Intrusion Detection System (NIDS) that achieves superior detection rates for botnet and anomalous traffic on resource-const…

The paper proposes a structural method using decision tree rulesets and multiple complementary metrics to detect concept drift in evolving malware families, finding that fixed-interval windowing with…

The paper proposes a bilevel optimization framework to model the adversarial co-evolution between malware attackers and detection models, achieving near-total immunity against sophisticated evasion at…

The paper investigates improving 43-class malware type classification on MalNet-Image Tiny by evaluating the combined effects of multi-scale feature fusion, transfer learning, advanced data augmentati…

This paper proposes a gap-prioritization framework to bridge the gap between theoretical cyber attack prediction research and practical operational deployment by identifying critical implementation hu…

The paper analyzes a dataset of agent skills, demonstrating that different security scanners (VirusTotal, static analysis, SkillSpector) rarely agree, necessitating a layered governance approach for s…