A Unified Multi-Model Learning Framework for Reliable Static Malware Detection

Muhammad Adeel Abid

Authors

Muhammad Adeel Abid Institute of Computer Science (Khwaja Fareed University of Engineering and Information Technology, Rahim Yar Khan).

Keywords:

Static Malware Detection, Multi-Model Learning, Cybersecurity, Machine Learning Classification, Ensemble and Deep Learning Models

Abstract

Malware has emerged as a key threat to computer systems and networks, and it is essential to achieve accurate and reliable malware detection. In this article, a unified multi-model learning framework is introduced that integrates deep learning and classical machine learning techniques to provide a comprehensive approach to detecting static malware. Experiments were conducted on a high-dimensional dataset (799912 rows, 2382 columns, 50000 rows) of static malware features using multiple models that include deep neural network models such as MLP, MalConv-X, CNN Hybrid, and classical models such as Logistic Regression, Random Forest, and LightGBM. Each model is trained and evaluated using evaluation metrics such as accuracy, precision, recall, f1-score, and AUC to ensure fair comparison and assessment. The results show that Light GBM achieved the highest performance with an accuracy of 95.48% and an AUC of 0.9915. Thus, LightGBM achieved the highest discriminative performance between malware and benign files. Deep learning models such as MLP and MalConv-X also performed well, showing 0.92 f1-score after training over 10 epochs. The The CNN-hybrid model showed the highest precision value of 0.9459 but a comparatively lower recall value of 0.8721. Correlation metrics, radar charts, and epoch-wise results indicate that ensemble learning models achieve strong performance in multiple evaluation parameters, and on the other hand, deep learning models exhibit stable convergence behavior during training. The proposed unified multi-model framework shows a reliable performance for static malware detection and provides a practical approach for model selection in real-world cybersecurity applications.

References

Matthew Chin, Roberto Corizzo, “Continual Semi-Supervised Malware Detection,” Mach. Learn. Knowl. Extr., vol. 6, no. 4, pp. 2829–2854, 2024, doi: https://doi.org/10.3390/make6040135.

Tiezhu Sun, Nadia Daoudi, “Temporal-Incremental Learning for Android Malware Detection,” ACM Trans. Softw. Eng. Methodol., vol. 34, no. 4, pp. 1–30, 2025, [Online]. Available: https://dl.acm.org/doi/10.1145/3702990

M. Gopinath, Sibi Chakkaravarthy Sethuraman, “A comprehensive survey on deep learning based malware detection techniques,” Comput. Sci. Rev., vol. 47, p. 100529, 2023, doi: https://doi.org/10.1016/j.cosrev.2022.100529.

E. Rodríguez, M. Fukkink, S. Parkin, M. van Eeten and C. Gañán, “Difficult for Thee, But Not for Me: Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware,” 2022 IEEE 7th Eur. Symp. Secur. Priv. (EuroS&P), Genoa, Italy, pp. 392–409, 2022, doi: 10.1109/EuroSP53844.2022.00032.

U.-E.-H ; Tayyab, F B ; Khan, “A Survey of the Recent Trends in Deep Learning Based Malware Detection,” J. Cybersecur. Priv, vol. 2, no. 4, pp. 800–829, 2022, [Online]. Available: https://www.mdpi.com/2624-800X/2/4/41

I. A. Khan, N. Moustafa, D. Pi, K. M. Sallam, A. Y. Zomaya, and B. Li, “A New Explainable Deep Learning Framework for Cyber Threat Discovery in Industrial IoT Networks,” IEEE Internet Things J., vol. 9, no. 13, pp. 11604–11613, Jul. 2022, doi: 10.1109/JIOT.2021.3130156.

Martin Kinkead, Stuart Millar, “Towards Explainable CNNs for Android Malware Detection,” Procedia Comput. Sci., vol. 184, pp. 959–965, 2021, doi: https://doi.org/10.1016/j.procs.2021.03.118.

Zhi Lu, Vrizlynn L.L. Thing, “‘How Does It Detect A Malicious App?’ Explaining the Predictions of AI-based Android Malware Detector,” arXiv:2111.05108, 2021, [Online]. Available: https://arxiv.org/abs/2111.05108

N. G. Ambekar, N. N. Devi, S. Thokchom, and Yogita, “TabLSTMNet: enhancing android malware classification through integrated attention and explainable AI,” Microsyst. Technol. 2024 313, vol. 31, no. 3, pp. 695–713, Mar. 2024, doi: 10.1007/s00542-024-05615-0.

Jeff Mitchell, Niall McLaughlin, “Generating sparse explanations for malicious Android opcode sequences using hierarchical LIME,” Comput. Secur., vol. 137, p. 103637, 2024, doi: https://doi.org/10.1016/j.cose.2023.103637.

S. K. Smmarwar, G. P. Gupta, and S. Kumar, “XAI-AMD-DL: An Explainable AI Approach for Android Malware Detection System Using Deep Learning,” Proc. - 2023 IEEE World Conf. Appl. Intell. Comput. AIC 2023, pp. 423–428, 2023, doi: 10.1109/AIC57670.2023.10263974.

J. D. Herath, P. P. Wakodikar, P. Yang, and G. Yan, “CFGExplainer: Explaining Graph Neural Network-Based Malware Classification from Control Flow Graphs,” Proc. - 52nd Annu. IEEE/IFIP Int. Conf. Dependable Syst. Networks, DSN 2022, pp. 172–184, 2022, doi: 10.1109/DSN53405.2022.00028.

Mohd Saqib, Samaneh Mahdavifar, “A Comprehensive Analysis of Explainable AI for Malware Hunting,” ACM Comput. Surv., vol. 56, no. 12, 2024, [Online]. Available: https://dl.acm.org/doi/10.1145/3677374

Ferhat Demirkıran, Aykut Çayır, “An ensemble of pre-trained transformer models for imbalanced multiclass malware classification,” Comput. Secur., vol. 121, p. 102846, 2022, doi: https://doi.org/10.1016/j.cose.2022.102846.

Farhan Ullah, Amjad Alsirhani, “Explainable Malware Detection System Using Transformers-Based Transfer Learning and Multi-Model Visual Representation,” Sensors, vol. 22, no. 18, p. 6766, 2022, doi: https://doi.org/10.3390/s22186766.

Rubab Roshan, Irfan Ali Bhacho, “Comparative Analysis of TF–IDF and Hashing Vectorizer for Fake News Detection in Sindhi: A Machine Learning and Deep Learning Approach,” Eng Proc, vol. 46, no. 1, p. 5, 2023, doi: https://doi.org/10.3390/engproc2023046005.

Syed Khurram Jah Rizvi, Warda Aslam, Muhammad Shahzad, Shahzad Saleem & Muhammad Moazam Fraz, “PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable,” Complex Intell. Syst., vol. 8, pp. 673–685, 2022, [Online]. Available: https://link.springer.com/article/10.1007/s40747-021-00560-1

J. Jeon, B. Jeong, S. Baek, and Y. S. Jeong, “Static Multi Feature-Based Malware Detection Using Multi SPP-net in Smart IoT Environments,” IEEE Trans. Inf. Forensics Secur., vol. 19, pp. 2487–2500, 2024, doi: 10.1109/TIFS.2024.3350379.

Faitouri A. Aboaoja, Anazida Zainal, “Malware Detection Issues, Challenges, and Future Directions: A Survey,” Appl. Sci., vol. 12, no. 17, p. 8482, 2022, doi: https://doi.org/10.3390/app12178482.

“Ember-2018-V2-features.” Accessed: Mar. 19, 2026. [Online]. Available: https://www.kaggle.com/datasets/dhoogla/ember-2018-v2-features

M. A. Abid, S. Ullah, M. A. Siddique, M. F. Mushtaq, W. Aljedaani, and F. Rustam, “Spam SMS filtering based on text features and supervised machine learning techniques,” Multimed. Tools Appl. 2022 8128, vol. 81, no. 28, pp. 39853–39871, May 2022, doi: 10.1007/S11042-022-12991-0.

Muhammad Adeel Abid, Madiha Amjad, “IoT-Based Smart Biofloc Monitoring System for Fish Farming Using Machine Learning,” IEEE Access, vol. 1, no. 24, 2024, doi: 10.1109/ACCESS.2024.3384263.

G. Naidu, T. Zuva, and E. M. Sibanda, “A Review of Evaluation Metrics in Machine Learning Algorithms,” Lect. Notes Networks Syst., vol. 724 LNNS, pp. 15–25, 2023, doi: 10.1007/978-3-031-35314-7_2.

Tuan Van Dao, Hiroshi Sato, “MLP-Mixer-Autoencoder: A Lightweight Ensemble Architecture for Malware Classification,” Information, vol. 14, no. 3, p. 167, 2023, doi: https://doi.org/10.3390/info14030167.

M. A. Abid, M. F. Mushtaq, U. Akram, B. Mughal, M. Ahmad, and M. Imran, “Recommending Domain Specific Keywords for Twitter,” Adv. Intell. Syst. Comput., vol. 978 AISC, pp. 253–263, 2020, doi: 10.1007/978-3-030-36056-6_25.

O. Kargarnovin, A. M. Sadeghzadeh, and R. Jalili, “Mal2GCN: a robust malware detection approach using deep graph convolutional networks with non-negative weights,” J. Comput. Virol. Hacking Tech. 2023 201, vol. 20, no. 1, pp. 95–111, Sep. 2023, doi: 10.1007/s11416-023-00498-7.

P. J. Alphine, B. P. Alapatt, and J. P. George, “Enhancing Malware Detection Through Hybrid Deep Learning Techniques,” Proc. 6th Int. Conf. Intell. Commun. Technol. Virtual Mob. Networks, ICICV 2025, pp. 478–483, 2025, doi: 10.1109/ICICV64824.2025.11085589.

Eric J. Michaud, Ziming Liu, Max Tegmark, “Precision Machine Learning,” arXiv:2210.13447, 2022, [Online]. Available: https://arxiv.org/abs/2210.13447

Carina Clemente, Gracinda R. Guerreiro, “Modelling Motor Insurance Claim Frequency and Severity Using Gradient Boosting,” Risks, vol. 11, no. 9, p. 163, 2023, doi: https://doi.org/10.3390/risks11090163.

Qihao Zhao, Fuwei Wang, Weimin Wang, Tianxin Zhang, Haodong Wu & Weijun Ning, “Research on intrusion detection model based on improved MLP algorithm,” Sci. Rep., 2025, [Online]. Available: https://www.nature.com/articles/s41598-025-89798-0