{"id":"https://openalex.org/W7152641816","doi":"https://doi.org/10.1109/icecet63943.2025.11472271","title":"Redefining Threat Intelligence: How LLMs Revolutionize Malware Detection","display_name":"Redefining Threat Intelligence: How LLMs Revolutionize Malware Detection","publication_year":2025,"publication_date":"2025-07-03","ids":{"openalex":"https://openalex.org/W7152641816","doi":"https://doi.org/10.1109/icecet63943.2025.11472271"},"language":null,"primary_location":{"id":"doi:10.1109/icecet63943.2025.11472271","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icecet63943.2025.11472271","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 5th International Conference on Electrical, Computer and Energy Technologies (ICECET)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082140973","display_name":"Maher Salem","orcid":"https://orcid.org/0000-0002-6479-4335"},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Maher Salem","raw_affiliation_strings":["King&#x2019;s College London,Department of Informatics,London,United Kingdom"],"affiliations":[{"raw_affiliation_string":"King&#x2019;s College London,Department of Informatics,London,United Kingdom","institution_ids":["https://openalex.org/I183935753"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5082140973"],"corresponding_institution_ids":["https://openalex.org/I183935753"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.75014112,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.4318999946117401,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.4318999946117401,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.10180000215768814,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.09229999780654907,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5105999708175659},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.3402000069618225},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.26570001244544983},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.26510000228881836},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.25940001010894775}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5640000104904175},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.5162000060081482},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5105999708175659},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4535999894142151},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.34850001335144043},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3402000069618225},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.3140000104904175},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.2833999991416931},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.26570001244544983},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.26510000228881836},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.2567000091075897},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2563000023365021},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.25450000166893005},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2500999867916107}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icecet63943.2025.11472271","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icecet63943.2025.11472271","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 5th International Conference on Electrical, Computer and Energy Technologies (ICECET)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W2491916842","https://openalex.org/W2915893383","https://openalex.org/W2963156528","https://openalex.org/W2998074434","https://openalex.org/W3090046868","https://openalex.org/W3132165956","https://openalex.org/W3157814027","https://openalex.org/W3167041328","https://openalex.org/W3212172514","https://openalex.org/W4226346873","https://openalex.org/W4285732709","https://openalex.org/W4293192140","https://openalex.org/W4312277152","https://openalex.org/W4312986164","https://openalex.org/W4320490818","https://openalex.org/W4385871907","https://openalex.org/W4391224501","https://openalex.org/W4391895315","https://openalex.org/W4392353733","https://openalex.org/W4400072212","https://openalex.org/W4400350332","https://openalex.org/W4401171110","https://openalex.org/W4402593701","https://openalex.org/W4406263460","https://openalex.org/W4408565907"],"related_works":[],"abstract_inverted_index":{"This":[0,95],"paper":[1],"presents":[2],"a":[3,62],"novel":[4],"malware":[5,25,70,80,126],"analysis":[6,127],"framework":[7,73],"that":[8],"integrates":[9],"Large":[10],"Language":[11],"Models":[12],"(LLMs),":[13],"specifically":[14],"Google":[15],"Gemini,":[16],"with":[17],"ensemble":[18],"learning":[19],"to":[20,81],"enhance":[21],"threat":[22],"intelligence":[23],"and":[24,31,41,46,102,112,132,147],"classification.":[26],"Using":[27],"the":[28,32,120],"MalMem2022":[29],"dataset":[30],"MITRE":[33,82],"ATT&CK":[34,83],"knowledge":[35],"base,":[36],"our":[37,137],"approach":[38],"employs":[39],"XGBoost":[40],"CatBoost,":[42],"optimized":[43],"via":[44],"GridSearch":[45],"Random":[47],"Search,":[48],"achieving":[49],"an":[50],"F1-score":[51],"of":[52],"1.0.":[53],"To":[54],"mitigate":[55],"class":[56],"imbalance,":[57],"SMOTE":[58],"was":[59,89],"applied":[60],"within":[61],"cross-validation":[63],"pipeline,":[64],"ensuring":[65],"improved":[66],"generalizability":[67],"across":[68],"diverse":[69],"types.":[71],"The":[72,129],"extends":[74],"beyond":[75],"classification":[76],"by":[77,92],"mapping":[78],"detected":[79],"tactics,":[84],"leveraging":[85],"LLM-driven":[86],"contextualization,":[87],"which":[88],"rigorously":[90],"validated":[91],"cybersecurity":[93],"experts.":[94],"dual-layered":[96],"strategy":[97],"enhances":[98],"interpretability,":[99],"reduces":[100],"bias,":[101],"improves":[103],"detection":[104],"robustness.":[105],"Our":[106],"results":[107],"show":[108],"no":[109],"false":[110],"positives":[111],"100%":[113],"precision":[114],"in":[115,123,136],"attack":[116],"vector":[117],"analysis,":[118],"demonstrating":[119],"framework\u2019s":[121],"effectiveness":[122],"addressing":[124],"modern":[125],"challenges.":[128],"full":[130],"implementation":[131],"models":[133],"are":[134],"accessible":[135],"GitHub":[138],"repository":[139],"at":[140],"MalwareXplorer,":[141],"providing":[142],"valuable":[143],"resources":[144],"for":[145],"researchers":[146],"practitioners.":[148]},"counts_by_year":[],"updated_date":"2026-04-11T06:13:24.991567","created_date":"2026-04-10T00:00:00"}