IJITCS Vol. 18, No. 3, 8 Jun. 2026
Pages: 170-188
Keywords: Multi-class Malware Detection, Convolutional Neural Networks, Network Security, Cybersecurity, Large Language Models
With the rapid proliferation of electronic devices, the volume and sophistication of malware have surged, posing critical cybersecurity threats. Traditional malware detection approaches face challenges such as limited generalization, unbalanced datasets, and high computational costs. To address these issues, this study introduces the LLM-Powered Transformer Framework for Multi-Class Malware Detection, an image-based approach integrating Large Language Models (LLMs) and transformer architectures with Convolutional Neural Networks (CNNs). The proposed framework enhances malware classification by leveraging data visualization, balanced sampling, and data augmentation techniques, achieving over 98.86% accuracy across four open-source datasets. This study makes two key contributions. First, it provides granular insights into malware classification performance using confusion matrix analysis, aiding cybersecurity professionals in refining detection strategies. Second, the balanced sampling approach eliminates the need for additional datasets, minimizes hardware overhead, and dynamically adjusts sampling weights for optimal learning. Additionally, data augmentation techniques mitigate overfitting, enhancing the model's adaptability to diverse malware variants. Comparative analysis with state-of-the-art methods demonstrates the proposed framework's efficiency in achieving high accuracy while maintaining computational feasibility. These advancements establish a robust foundation for real-world malware detection and cybersecurity applications.
Gaurav Mehta, Pradeepta Kumar Sarangi, Shaily Jain, Vikas Tripathi, "Transformer Framework Enhanced by Large Language Models for Image-based Multi-class Malware Detection", International Journal of Information Technology and Computer Science (IJITCS), Vol.18, No.3, pp.170-188, 2026. DOI:10.5815/ijitcs.2026.03.11