Cyber Threat Detection using Artificial Intelligence
Keywords:
Malware detection, AI-SIEM, GPSC, CNN, LSTM, binary analysis, DLL calls, oversampling, deep learning, symbolic classifier
Abstract
In this study, we explore advanced malware detection methods by leveraging hybrid feature analysis, combining both binary and hexadecimal data with dynamic DLL call behavior. Artificial intelligence (AI) is integrated into this detection process to enable automated pattern recognition, anomaly detection, and continuous adaptation to evolving threats. The Genetic Programming Symbolic Classifier (GPSC) algorithm was applied to extract symbolic expressions (SEs) for malware classification, addressing the challenges of imbalanced datasets through oversampling techniques and random hyperparameter value search (RHVS). The GPSC was validated using five-fold cross-validation (5FCV) on balanced dataset variations and evaluated through multiple performance metrics such as accuracy (0.9962), AUC, and F1-score. Furthermore, the study compares deep learning techniques like Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks, utilized within an AI-SIEM framework for real-time event profiling, against traditional machine learning algorithms such as SVM, Decision Trees, Random Forest, KNN, and Naïve Bayes. Results demonstrate the superior performance of AI-based models in detecting complex, polymorphic malware threats, offering a proactive and efficient cybersecurity solution.
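The evaluation protocol the abstract describes (oversampling to balance the classes, five-fold cross-validation, accuracy/AUC/F1 reporting) is easy to get subtly wrong: if oversampling runs before the data are split, duplicated minority samples end up on both sides of the split and the scores are inflated. The following is an added example, not code from the paper, showing the protocol with oversampling applied only inside each training fold. It uses a constructed synthetic dataset of per-sample DLL/API call counts (hypothetical three-column features) and a simple nearest-centroid scorer as a stand-in for the paper's GPSC model; everything except the protocol itself is an assumption made for illustration, and only the standard library is used.

```python
"""Stratified 5-fold CV with in-fold oversampling; reports accuracy, F1, AUC.
Dataset is constructed (synthetic); the classifier is a nearest-centroid stand-in."""
import random
from collections import Counter

random.seed(7)


def make_dataset(n_benign=80, n_malware=20):
    """Constructed 4:1 imbalanced data: [x1, x2, x3] call counts, label 1 = malware."""
    data = []
    for _ in range(n_benign):
        data.append(([random.gauss(2, 1), random.gauss(1, 1), random.gauss(0.5, 0.5)], 0))
    for _ in range(n_malware):
        data.append(([random.gauss(5, 1), random.gauss(4, 1), random.gauss(2, 0.5)], 1))
    random.shuffle(data)
    return data


def stratified_folds(data, k=5):
    """Split indices into k folds that each keep the overall class ratio."""
    by_class = {}
    for i, (_, y) in enumerate(data):
        by_class.setdefault(y, []).append(i)
    folds = [[] for _ in range(k)]
    for idxs in by_class.values():
        for j, i in enumerate(idxs):
            folds[j % k].append(i)
    return folds


def random_oversample(train):
    """Duplicate minority-class samples until both classes have equal counts.
    Run this on the training split only: oversampling before the split leaks
    copies of held-out samples into training and inflates every metric."""
    counts = Counter(y for _, y in train)
    major = max(counts, key=counts.get)
    minor = min(counts, key=counts.get)
    minority = [s for s in train if s[1] == minor]
    extra = [random.choice(minority) for _ in range(counts[major] - counts[minor])]
    return train + extra


def fit_centroids(train):
    """Stand-in model: per-class mean feature vector."""
    sums, ns = {}, Counter()
    for x, y in train:
        sums.setdefault(y, [0.0] * len(x))
        for d, v in enumerate(x):
            sums[y][d] += v
        ns[y] += 1
    return {y: [v / ns[y] for v in s] for y, s in sums.items()}


def score(centroids, x):
    """Positive score = closer to the malware centroid than to the benign one."""
    def dist(c):
        return sum((a - b) ** 2 for a, b in zip(c, x)) ** 0.5
    return dist(centroids[0]) - dist(centroids[1])


def auc(scores, labels):
    """Rank-based AUC: P(random positive scores above random negative), ties count 0.5."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def metrics(scores, labels, threshold=0.0):
    """Accuracy, F1 (malware as the positive class) and AUC for one fold."""
    preds = [1 if s > threshold else 0 for s in scores]
    tp = sum(1 for p, y in zip(preds, labels) if p == 1 and y == 1)
    fp = sum(1 for p, y in zip(preds, labels) if p == 1 and y == 0)
    fn = sum(1 for p, y in zip(preds, labels) if p == 0 and y == 1)
    acc = sum(1 for p, y in zip(preds, labels) if p == y) / len(labels)
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
    return {"accuracy": acc, "f1": f1, "auc": auc(scores, labels)}


def cross_validate(data, k=5):
    """k-fold CV: balance only the training fold, score the untouched test fold,
    and average the metrics over folds."""
    totals = Counter()
    for fold in stratified_folds(data, k):
        held_out = set(fold)
        train = [data[i] for i in range(len(data)) if i not in held_out]
        test = [data[i] for i in fold]
        model = fit_centroids(random_oversample(train))
        scores = [score(model, x) for x, _ in test]
        labels = [y for _, y in test]
        for name, value in metrics(scores, labels).items():
            totals[name] += value / k
    return dict(totals)


if __name__ == "__main__":
    print(cross_validate(make_dataset()))
```

The same structure applies when the stand-in scorer is replaced by a real model (a symbolic expression from GPSC, or a CNN/LSTM): hyperparameter search and oversampling both belong inside the training fold, and the test fold keeps its original class ratio so that accuracy is not read on an artificially balanced set.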
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.