Multimodal Windows Malware Detection via Hybrid Analysis and Enriched Graphs: Effectiveness and Explainability

Thai-Bao Pham, Pham-Huy-Thong Duong, 3 Authors, Van-Hau Pham

2025 · DOI: 10.1109/MAPR67746.2025.11134020
International Conference on Multimedia Analysis and Pattern Recognition · 0 Citations

TLDR

This study introduces a multimodal Windows malware detection framework built on hybrid analysis, designed to combine the strengths of static and dynamic analysis to improve detection accuracy and robustness against evasion.

Abstract

The rapid spread of malware targeting the Windows operating system leads to an increasing and essential need to detect malicious Portable Executable (PE) files. Traditional approaches still face considerable challenges: static analysis can be misled by obfuscation or anti-static-analysis techniques, whereas dynamic analysis is resource-intensive. Additionally, conventional Deep Learning (DL) models, though powerful, lack interpretability, which hinders comprehension and verification of their decisions. This study introduces a multimodal Windows malware detection framework built on hybrid analysis, designed to combine the strengths of static and dynamic analysis to improve detection accuracy and robustness against evasion. To capture the complex behavioral patterns of malware, the framework also incorporates graph-based representations that model API sequences as directed graphs, where nodes represent API functions and edges encode the execution order and contextual relationships. This structural modeling enables a deeper semantic understanding of how API calls interact and unfold over time, facilitating robust behavior-based detection. Notably, the incorporation of XAI (Explainable AI) clarifies which features are critical within the framework, enhancing reliability and aiding decision analysis. The proposed method improves malware detection performance and provides deeper insights into operational mechanisms.
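To make the graph representation concrete, the following is an added example (not code from the paper or its authors) that turns a sandbox-style API call sequence into a weighted directed graph of the kind the abstract describes, then derives a few structural features from it. The trace is constructed for illustration, and the function names (`build_api_graph`, `graph_features`, `to_adjacency`) and the `window` parameter are assumptions of this example; the paper does not specify how "contextual relationships" are encoded, so here a window larger than 1 adds edges between calls that occur within a few steps of each other.

```python
from collections import defaultdict

# Constructed sample trace: the ordered API calls a sandbox might record
# for one PE sample. Not taken from the paper or any real malware report.
SAMPLE_TRACE = [
    "GetModuleHandleA", "GetProcAddress", "VirtualAlloc", "WriteProcessMemory",
    "CreateRemoteThread", "GetProcAddress", "VirtualAlloc", "WriteProcessMemory",
    "CreateRemoteThread", "ExitProcess",
]


def build_api_graph(trace, window=1):
    """Build a directed graph from an API call sequence.

    Nodes are distinct API names (indexed in first-seen order).
    An edge (a -> b) carries a weight equal to the number of times b was
    observed within `window` calls after a. window=1 encodes strict
    execution order; a larger window adds contextual (near-neighbour) edges.
    """
    nodes = {}                 # api name -> node id
    edges = defaultdict(int)   # (src, dst) -> weight
    for i, api in enumerate(trace):
        nodes.setdefault(api, len(nodes))
        for j in range(i + 1, min(i + 1 + window, len(trace))):
            edges[(api, trace[j])] += 1
    return nodes, dict(edges)


def graph_features(nodes, edges):
    """Simple per-graph statistics a downstream classifier could consume."""
    in_deg, out_deg = defaultdict(int), defaultdict(int)
    for (src, dst), w in edges.items():
        out_deg[src] += w
        in_deg[dst] += w
    return {
        "num_nodes": len(nodes),
        "num_edges": len(edges),
        "in_degree": dict(in_deg),
        "out_degree": dict(out_deg),
        # most frequent transitions, useful as a first explainability hint
        "top_edges": sorted(edges.items(), key=lambda kv: -kv[1])[:3],
    }


def to_adjacency(nodes, edges):
    """Weighted adjacency matrix (list of lists) for graph-learning input."""
    n = len(nodes)
    adj = [[0] * n for _ in range(n)]
    for (src, dst), w in edges.items():
        adj[nodes[src]][nodes[dst]] = w
    return adj


if __name__ == "__main__":
    nodes, edges = build_api_graph(SAMPLE_TRACE, window=1)
    feats = graph_features(nodes, edges)
    print("nodes:", nodes)
    print("edges:", edges)
    print("features:", feats)
    for row in to_adjacency(nodes, edges):
        print(row)
```

With `window=1` the constructed trace yields 6 nodes and 6 distinct edges; the repeated `VirtualAlloc -> WriteProcessMemory -> CreateRemoteThread` transitions each get weight 2, which is exactly the kind of high-weight path an explainability method would be expected to surface as a critical feature.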
