Saved in:
Bibliographic Details
Main Authors: Jelodar, Hamed, Meymani, Mohammad, Razavi-Far, Roozbeh, Ghorbani, Ali A.
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.19006
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908605796581376
author Jelodar, Hamed
Meymani, Mohammad
Razavi-Far, Roozbeh
Ghorbani, Ali A.
author_facet Jelodar, Hamed
Meymani, Mohammad
Razavi-Far, Roozbeh
Ghorbani, Ali A.
contents Generative AI and large language models (LLMs) have shown strong capabilities in code understanding, but their use in cybersecurity, particularly for malware detection and analysis, remains limited. Existing detection systems often fail to generalize to obfuscated or previously unseen threats, underscoring the need for more adaptable and explainable models. To address this challenge, we introduce XGen-Q, a domain-adapted LLM built on the Qwen-Coder architecture and pretrained on a large-scale corpus of over one million malware samples, spanning both source and assembly code. XGen-Q uses a multi-stage prompt strategy combined with retrieval-augmented generation (RAG) to deliver reliable malware identification and detailed forensic reporting, even in the presence of complex code obfuscation. To further enhance generalization, we design a training pipeline that systematically exposes the model to diverse obfuscation patterns. Experimental results show that XGen-Q achieves significantly lower perplexity than competitive baselines and exhibits strong performance on novel malware samples, demonstrating the promise of LLM-based approaches for interpretable and robust malware analysis.
format Preprint
id arxiv_https___arxiv_org_abs_2510_19006
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle XGen-Q: An Explainable Domain-Adaptive LLM Framework with Retrieval-Augmented Generation for Software Security
Jelodar, Hamed
Meymani, Mohammad
Razavi-Far, Roozbeh
Ghorbani, Ali A.
Information Retrieval
Generative AI and large language models (LLMs) have shown strong capabilities in code understanding, but their use in cybersecurity, particularly for malware detection and analysis, remains limited. Existing detection systems often fail to generalize to obfuscated or previously unseen threats, underscoring the need for more adaptable and explainable models. To address this challenge, we introduce XGen-Q, a domain-adapted LLM built on the Qwen-Coder architecture and pretrained on a large-scale corpus of over one million malware samples, spanning both source and assembly code. XGen-Q uses a multi-stage prompt strategy combined with retrieval-augmented generation (RAG) to deliver reliable malware identification and detailed forensic reporting, even in the presence of complex code obfuscation. To further enhance generalization, we design a training pipeline that systematically exposes the model to diverse obfuscation patterns. Experimental results show that XGen-Q achieves significantly lower perplexity than competitive baselines and exhibits strong performance on novel malware samples, demonstrating the promise of LLM-based approaches for interpretable and robust malware analysis.
title XGen-Q: An Explainable Domain-Adaptive LLM Framework with Retrieval-Augmented Generation for Software Security
topic Information Retrieval
url https://arxiv.org/abs/2510.19006