BEACON: Behavioral Malware Classification with Large Language Model Embeddings and Deep Learning
Perera, Wadduwage Shanika, Jiang, Haodi
arXiv.org Artificial Intelligence
Abstract: Malware is becoming increasingly complex and widespread, making it essential to develop more effective and timely detection methods. Traditional static analysis often fails to defend against modern threats that employ code obfuscation, polymorphism, and other evasion techniques. In contrast, behavioral malware detection, which monitors runtime activities, provides a more reliable and context-aware solution. In this work, we propose BEACON, a novel deep learning framework that leverages large language models (LLMs) to generate dense, contextual embeddings from raw sandbox-generated behavior reports. These embeddings capture semantic and structural patterns of each sample and are processed by a one-dimensional convolutional neural network (1D CNN) for multi-class malware classification. Evaluated on the Avast-CTU Public CAPE Dataset, our framework consistently outperforms existing methods, highlighting the effectiveness of LLM-based behavioral embeddings and the overall design of BEACON for robust malware classification.

Malware evolution presents persistent challenges to cybersecurity. These threats are primary causes of system compromise and operational disruption, underscoring the need for more effective detection methods. Reliable identification of malware is important to initiate rapid mitigation measures, contain threats, and prevent widespread system compromise.
Sep-19-2025
- Country:
  - Europe > Italy
    - Calabria > Catanzaro Province > Catanzaro (0.04)
  - North America > United States
    - Massachusetts > Suffolk County
      - Boston (0.04)
    - Texas > Walker County
      - Huntsville (0.04)
- Genre:
  - Research Report > New Finding (0.47)
- Industry:
  - Information Technology > Security & Privacy (1.00)