The expansion of interconnected computing infrastructures has intensified the scale and sophistication of malicious software attacks. Detection mechanisms that depend solely on stored signature databases are increasingly ineffective against newly emerging and rapidly mutating threats. This study introduces isandbox, capturing indicators such as process invocation sequences, system configuration changes, file access behavior, interface-level interactions, and communication flows.
To enhance predictive capability, a multi-model classification approach combining Random Forest, Support Vector Machine, and Convolutional Neural Network architectures is implemented. Each model contributes complementary analytical strengths, and their outputs are aggregated through an ensemble decision mechanism to improve classification stability. The framework also incorporates an automated alert module and structured logging facility to support timely threat response and traceability. Experimental validation demonstrates that the integrated model attains 97% overall detection accuracy, alongside strong precision and recall, with a minimal rate of false alarms.
The results confirm that a runtime-focused hybrid learning architecture can provide a resilient and scalable defense strategy against adaptive and previously unseen malware variants.
Introduction
The text describes an Intelligent Malware Detection System designed to overcome limitations of traditional antivirus methods by using dynamic behavior-based analysis instead of static file signatures.
Traditional systems rely on signature matching and static analysis, which fail to detect new or obfuscated malware. To address this, the proposed system uses machine learning (Random Forest, SVM) and deep learning (CNN) to analyze how programs behave at runtime, including system activity, memory usage, process behavior, and network patterns.
The methodology includes:
Collecting runtime behavioral data from controlled environments
Preprocessing and feature extraction of dynamic features only
Training three models: Random Forest, SVM, and CNN
Combining their outputs using an ensemble voting approach
Generating real-time alerts when malicious behavior is detected
Each model contributes differently: Random Forest handles structured patterns, SVM creates clear classification boundaries, and CNN detects complex hidden behaviors. The ensemble method improves overall accuracy and reduces false positives.
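The ensemble step and alert module described above, as an added example that is not code from the paper. The voting rules (hard majority and soft average), the equal weights, the 0.5 threshold, the model keys and the sample scores are all assumptions, since the page does not state how the votes are combined.

```python
import json
from datetime import datetime, timezone

# Assumed model names and equal weights; the page does not state the voting rule.
WEIGHTS = {"random_forest": 1.0, "svm": 1.0, "cnn": 1.0}

def ensemble_verdict(probs, weights=WEIGHTS, threshold=0.5):
    """Combine per-model P(malicious) scores with hard and soft voting."""
    missing = sorted(set(weights) - set(probs))
    if missing:
        raise ValueError(f"missing model outputs: {missing}")
    if any(not 0.0 <= probs[m] <= 1.0 for m in weights):
        raise ValueError("scores must be probabilities in [0, 1]")
    total = sum(weights.values())
    votes = {m: probs[m] >= threshold for m in weights}
    # Hard vote: weighted majority of the per-model yes/no decisions.
    hard = sum(weights[m] for m in weights if votes[m]) > total / 2
    # Soft vote: weighted mean of the probabilities, so one very confident
    # model can outweigh two lukewarm ones (and the reverse).
    soft_score = round(sum(weights[m] * probs[m] for m in weights) / total, 4)
    return {"votes": votes, "hard": hard,
            "soft_score": soft_score, "soft": soft_score >= threshold}

def alert_record(sample_id, probs, **kwargs):
    """Return one JSON log line if either rule flags the sample, else None."""
    v = ensemble_verdict(probs, **kwargs)
    if not (v["hard"] or v["soft"]):
        return None
    return json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(),
        "sample": sample_id,
        # Both rules agreeing is a confident detection; a split is routed
        # to an analyst instead of being dropped or auto-blocked.
        "severity": "high" if v["hard"] and v["soft"] else "review",
        "soft_score": v["soft_score"],
        "model_scores": {m: probs[m] for m in v["votes"]},
        "dissenting": sorted(m for m, yes in v["votes"].items() if not yes),
    }, sort_keys=True)

# Constructed scores for four sandbox traces, not results from the paper.
SAMPLES = {
    "trace-a": {"random_forest": 0.92, "svm": 0.81, "cnn": 0.97},
    "trace-b": {"random_forest": 0.45, "svm": 0.40, "cnn": 0.99},
    "trace-c": {"random_forest": 0.55, "svm": 0.51, "cnn": 0.05},
    "trace-d": {"random_forest": 0.10, "svm": 0.20, "cnn": 0.05},
}

if __name__ == "__main__":
    for sid, scores in SAMPLES.items():
        print(sid, alert_record(sid, scores))
```

Traces b and c show the two rules disagreeing in opposite directions, which is where the choice of voting rule moves the balance between missed detections and false alarms.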
Results show that all three models perform well individually, but the hybrid ensemble system performs best, offering higher detection accuracy, better robustness, and improved ability to identify unknown and evolving malware threats in real time.
Conclusion
This study presented a behavior-oriented malware detection framework that integrates Machine Learning and Deep Learning techniques within a unified architecture. By focusing exclusively on runtime characteristics, the system avoids the weaknesses associated with static analysis and signature dependence.
Experimental evaluation demonstrates that each individual classifier performs effectively when trained on behavioral data. However, combining Random Forest, SVM, and CNN through an ensemble mechanism produces superior accuracy and stability. The hybrid configuration minimizes both missed detections and false alarms.
The findings confirm that runtime behavioral analysis offers stronger resilience against evolving malware variants, including obfuscated and zero-day attacks. The proposed approach provides a scalable and practical foundation for intelligent security monitoring systems.