Advanced AI-Powered Malware Detection Framework
A next-gen, AI-augmented malware detection system combining static, behavioral, and heuristic analysis with deep learning for high-fidelity threat classification.
AETHER is a comprehensive malware detection framework that leverages cutting-edge techniques including deep static code analysis, sandbox-based dynamic inspection, memory forensics, and heuristic profiling. Enhanced by a fine-tuned LLaMA 3.2 model specialized in cybersecurity, AETHER is engineered to detect and classify both known and emerging threats.
This is not just an antivirus — it's a threat hunting platform, crafted for researchers, analysts, and defenders.
| Capability | Description |
|---|---|
| Static Analysis | Disassembles APK/PE files, extracts opcodes, detects obfuscation, analyzes permissions |
| Behavioral Sandboxing | Executes binaries in Docker-based sandbox; traces syscalls, file/net activity |
| AI Threat Classification | LLaMA 3.2 classifies malware families, scores severity, and detects anomalies |
| Memory Forensics | Captures volatile memory, extracts shellcode, injected DLLs, encrypted strings |
| Heuristic Profiling | Custom TTP rules aligned with MITRE ATT&CK, detects anti-VM/debug behavior |
| Real-Time Threat Feeds | Syncs with MalwareBazaar, VirusTotal, and Hybrid Analysis for latest IOCs |
| Automated Reports | Generates detailed downloadable reports with logs, scores, graphs |
malware-detection/
│── src/main/java/com/malwaredetection
│ ├── entity/ # POJOs for DB entities
│ ├── validation/ # Input validation logic
│ ├── dao/ # Database access layer
│ ├── service/ # Core logic for file scanning and orchestration
│ ├── userinterface/ # JavaFX and REST controllers
│ ├── utils/ # File handling, hash generation, helpers
│ ├── config/ # Config for DB, AI, external APIs
│ ├── exception/ # User auth and permissions
│ ├── analysis/
│ │ ├── staticanalysis/ # Opcode and disassembly based analysis
│ │ ├── behavioralanalysis/ # TTP rules, anomaly checks
│ │ ├── ai/ # AI/LLM-based threat classification
|── src/main/resources/ # Scripts, configs, trained AI models
│── pom.xml # Maven dependencies
│── README.md # Project documentation
- Core Language: Java
- Frontend: JavaFX
- AI Model: Fine-Tuned LLaMA 3.2
- Containerization: Docker (for behavioral sandboxing)
- Threat Feeds: MalwareBazaar, VirusTotal, Hybrid Analysis APIs
- Supported Formats:
.apk,.exe,.dll
- Opcode pattern recognition
- Obfuscation & packing detection
- Suspicious API imports & permissions analysis
- System call tracing
- Process tree generation
- File/network/registry activity logs
- Trained on malware logs, memory dumps
- Zero-day detection via anomaly scoring
- Explainable outputs for analysts
- In-memory shellcode & artifact extraction
- Runtime snapshots and analysis
- Automatic updates from OSINT APIs
- Integrated malware signature enrichment
- Self-updating threat DB
- Visualized findings (entropy, strings, import/export tables)
- Threat summaries and AI analysis
- Downloadable detailed PDF/HTML reports
- Interactive JavaFX-based UI
- Java 17+
- Maven 3+
- Docker installed and running
- Internet access for threat feed APIs
# Clone the repository
git clone https://github.com/pankhuriVarshney/malware-detection-software.git
cd malware-detection
# Build the project
mvn clean install
# Run the application
mvn javafx:run