AI-Driven Malware Defense: Transformer Model for Real-Time Detection and Threat Analysis
Conference
Meskova, V, Valencia, N, Chaparro-Baquero, GA et al. (2026). AI-Driven Malware Defense: Transformer Model for Real-Time Detection and Threat Analysis. DOI: 10.1109/ISDFS69419.2026.11459044
Real-time analysis is a critical component for identifying and understanding threats caused by malicious software. Over the years, various approaches have been developed to identify and mitigate harmful behaviour, moving beyond traditional signature-based techniques. In particular, neural networks have been widely used to enhance detection capabilities. However, accurate malware analysis remains a significant challenge, as threats continuously evolve. This research proposes a machine learning-based framework for malware analysis and classification, leveraging features extracted from Portable Executable (PE) files. The proposed methodology incorporates a Transformer-based model trained on the Speakeasy dataset to classify encoded API call sequences as benign or malicious. An attention-based explanation method, complemented by a GPT-driven interpretability mechanism, is introduced to improve understanding of the model's predictions. To evaluate generalization, a zero-day assessment was conducted by withholding entire malware families during training. Experimental results show 92.35% overall accuracy, with benign detection at 95.64% and malware detection at 90.76%. The study also highlights the interpretability benefits derived from Explainable AI techniques, as well as the remaining limitations in detecting unseen malware families.