Saved in:
Bibliographic Details
Main Authors: Saha, Bikash, Rani, Nanda, Shukla, Sandeep Kumar
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.01145
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910901536292864
author Saha, Bikash
Rani, Nanda
Shukla, Sandeep Kumar
author_facet Saha, Bikash
Rani, Nanda
Shukla, Sandeep Kumar
contents Current malware (malicious software) analysis tools focus on detection and family classification but fail to provide clear and actionable narrative insights into the malignant activity of the malware. Therefore, there is a need for a tool that translates raw malware data into human-readable descriptions. Developing such a tool accelerates incident response, reduces malware analysts' cognitive load, and enables individuals having limited technical expertise to understand malicious software behaviour. With this objective, we present MaLAware, which automatically summarizes the full spectrum of malicious activity of malware executables. MaLAware processes Cuckoo Sandbox-generated reports using large language models (LLMs) to correlate malignant activities and generate concise summaries explaining malware behaviour. We evaluate the tool's performance on five open-source LLMs. The evaluation uses the human-written malware behaviour description dataset as ground truth. The model's performance is measured using 11 extensive performance metrics, which boosts the confidence of MaLAware's effectiveness. The current version of the tool, i.e., MaLAware, supports Qwen2.5-7B, Llama2-7B, Llama3.1-8B, Mistral-7B, and Falcon-7B, along with the quantization feature for resource-constrained environments. MaLAware lays a foundation for future research in malware behavior explanation, and its extensive evaluation demonstrates LLMs' ability to narrate malware behavior in an actionable and comprehensive manner.
format Preprint
id arxiv_https___arxiv_org_abs_2504_01145
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle MaLAware: Automating the Comprehension of Malicious Software Behaviours using Large Language Models (LLMs)
Saha, Bikash
Rani, Nanda
Shukla, Sandeep Kumar
Cryptography and Security
Current malware (malicious software) analysis tools focus on detection and family classification but fail to provide clear and actionable narrative insights into the malignant activity of the malware. Therefore, there is a need for a tool that translates raw malware data into human-readable descriptions. Developing such a tool accelerates incident response, reduces malware analysts' cognitive load, and enables individuals having limited technical expertise to understand malicious software behaviour. With this objective, we present MaLAware, which automatically summarizes the full spectrum of malicious activity of malware executables. MaLAware processes Cuckoo Sandbox-generated reports using large language models (LLMs) to correlate malignant activities and generate concise summaries explaining malware behaviour. We evaluate the tool's performance on five open-source LLMs. The evaluation uses the human-written malware behaviour description dataset as ground truth. The model's performance is measured using 11 extensive performance metrics, which boosts the confidence of MaLAware's effectiveness. The current version of the tool, i.e., MaLAware, supports Qwen2.5-7B, Llama2-7B, Llama3.1-8B, Mistral-7B, and Falcon-7B, along with the quantization feature for resource-constrained environments. MaLAware lays a foundation for future research in malware behavior explanation, and its extensive evaluation demonstrates LLMs' ability to narrate malware behavior in an actionable and comprehensive manner.
title MaLAware: Automating the Comprehension of Malicious Software Behaviours using Large Language Models (LLMs)
topic Cryptography and Security
url https://arxiv.org/abs/2504.01145