LLM-driven Malware Analysis across Code Representations
A Study on the Impact of Code Representation on the Performance of LLM-driven Malware Classification
S.M. Folkertsma (TU Delft - Electrical Engineering, Mathematics and Computer Science)
S.S. Chakraborty – Mentor (TU Delft - Electrical Engineering, Mathematics and Computer Science)
P. Pawelczak – Mentor (TU Delft - Electrical Engineering, Mathematics and Computer Science)
A. van Deursen – Graduation committee member (TU Delft - Electrical Engineering, Mathematics and Computer Science)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
In this study, we determine the extent to which code representation affects the accuracy of LLM-driven malware analysis. Our results show that LLMs perform significantly better at detecting malware in high-level source code than in binary code. We conduct experiments on samples from the SBAN dataset. In the process, we also evaluate the validity of the SBAN dataset as a benchmark for malware classification, helping direct future efforts toward improving dataset quality.