A HIERARCHICAL THREAT INTELLIGENCE SYSTEM FOR SCALABLE MALWARE DETECTION
DOI:
https://doi.org/10.64751/ajaccm.2026.v6.n2.pp399-411
Keywords:
cybersecurity, machine learning, malware detection, SMOTE, threat analysis, data balancing.
Abstract
The rapid expansion of digital technologies and internet-based applications has significantly increased exposure to cyber threats, particularly malware attacks that compromise data security and system integrity. Traditional malware detection systems have relied on signature-based and rule-based techniques, which identify malicious files using predefined patterns. While effective for known threats, these approaches are inadequate for detecting new, evolving, and obfuscated malware, leading to reduced accuracy and increased system vulnerability. Additionally, conventional methods struggle to process high-dimensional data and handle class imbalance commonly present in real-world cybersecurity datasets. To overcome these challenges, this study proposes a machine learning–based malware classification framework that integrates data preprocessing, exploratory data analysis, and multi-model classification techniques. The system employs classifiers such as Support Vector Machine (SVM), Gaussian Naive Bayes (GNB), and Multinomial Naive Bayes (MNB), along with a novel hybrid model called GaussTree-Stack (HGTS). The HGTS model combines Decision Tree (DT) with GNB to leverage both decision-based and probabilistic learning capabilities. To further enhance performance, the Synthetic Minority Over-sampling Technique (SMOTE) is applied to address class imbalance and improve model generalization. Experimental results demonstrate that the proposed HGTS model achieves a high accuracy of 97.06%, along with strong precision, recall, and F1-score values, outperforming individual classifiers. The system is implemented with a user-friendly graphical interface and model persistence for efficient real-time predictions. This research provides a scalable, accurate, and reliable solution for malware classification, contributing to improved cybersecurity and proactive threat detection in modern digital environments.
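How the SMOTE step named in the abstract generates minority-class samples, as an added example that is not the paper's code. It uses only the Python standard library and assumes a binary benign/malware labelling; the function names and the two-feature vectors (file entropy, imported API count) are constructed for illustration.

```python
import math
import random

def smote(minority, n_new, k=3, seed=0):
    """Return n_new synthetic points, each interpolated between a minority
    sample and one of its k nearest minority neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    k = min(k, len(minority) - 1)
    rng = random.Random(seed)
    synthetic = []
    for _ in range(n_new):
        i = rng.randrange(len(minority))
        base = minority[i]
        # k nearest neighbours of base among the other minority samples
        others = [p for j, p in enumerate(minority) if j != i]
        others.sort(key=lambda p: math.dist(base, p))
        neighbour = rng.choice(others[:k])
        gap = rng.random()  # position on the segment base -> neighbour
        synthetic.append(tuple(b + gap * (n - b) for b, n in zip(base, neighbour)))
    return synthetic

def balance_training_set(X, y, minority_label, k=3, seed=0):
    """Oversample minority_label until both classes have the same size
    (binary labels assumed)."""
    minority = [x for x, lab in zip(X, y) if lab == minority_label]
    deficit = (len(X) - len(minority)) - len(minority)
    if deficit <= 0:
        return list(X), list(y)
    new = smote(minority, deficit, k, seed)
    return list(X) + new, list(y) + [minority_label] * len(new)

# Constructed training split: (file entropy, imported API count) per sample.
X_TRAIN = [(4.1, 120), (3.8, 95), (4.5, 140), (4.0, 110), (3.9, 101), (4.3, 133),
           (7.6, 12), (7.9, 8), (7.2, 15)]
Y_TRAIN = ["benign"] * 6 + ["malware"] * 3

if __name__ == "__main__":
    Xb, yb = balance_training_set(X_TRAIN, Y_TRAIN, "malware")
    print(yb.count("benign"), yb.count("malware"))
    for point in Xb[len(X_TRAIN):]:
        print(point)
```

Apply the oversampling to the training split only: balancing before the train/test split places synthetic neighbours of test samples in the training data and inflates the reported accuracy.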
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.







