Published May 3, 2026 | Version v1 | Preprint | Open
PHENOTYPE: Contrastive Behavioural Fingerprinting for Open-World Malware Attribution
Description
This work presents PHENOTYPE, a behavioural malware attribution system that encodes Windows API call sequences into contrastive embeddings for open-world classification. Unlike closed-world classifiers, the proposed approach enables rejection of previously unseen malware families using cosine similarity thresholding in a structured embedding space. The model is evaluated on the WinMET dataset and achieves 71.72% closed-world accuracy with 80.8% rejection of unseen families.
Files
| Name | Size |
|---|---|
| PHENOTYPE - Contrastive Behavioural Fingerprinting for Open-World Malware Attribution.pdf (md5:6c27590c1b4cefd29be7ce2b001e835c) | 4.4 MB |
Additional details
Software
- Repository URL: https://github.com/phenotype-malAI/PhenoType-DNA-MalAI
- Programming language: Python
- Development Status: Active