Coding
Multi-View Decompilation for LLM-Based Malware Classification
The article presents a study on multi-view decompilation for enhancing malware classification using large language models (LLMs). It introduces a benchmark of benign and malicious binaries decompiled with both Ghidra and RetDec, demonstrating that utilizing multiple decompiler outputs significantly improves the F1 score for malicious classifications, primarily by increasing recall on malicious samples. This approach suggests that multi-decompiler prompting can serve as an effective, training-free method for practitioners to enhance the accuracy of LLM-based malware analysis.
malware decompilation llm