MalGTA: Large language Model-based Guided Malware Tactical Analysis
Abstract
In High-Performance Computing (HPC) environments, a comprehensive understanding of cybersecurity threats and the attack strategies behind them is essential. However, current research focuses predominantly on maliciousness determination, typically emphasizing the code's operational behaviors rather than the attack strategies employed. Advances in multimedia computing, particularly Large Language Models (LLMs), have paved the way for innovative solutions to this bottleneck. This work proposes MalGTA (Guided Malware Tactical Analysis), an LLM-based system that automates ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)-aligned malware tactical analysis through Cuckoo Sandbox-driven dynamic profiling. Specifically, we construct a multi-source knowledge base integrated with Retrieval-Augmented Generation (RAG), which mitigates hallucinations in LLMs through context-sensitive threat intelligence retrieval. In addition, we propose a query optimization strategy that addresses input information overload and attention dispersion in LLMs, enabling context-aware data refinement from Cuckoo reports. Finally, this study conducts dynamic analysis on classical VirusShare and Advanced Persistent Threat (APT) samples and constructs an evaluation dataset based on the authoritative malware analysis platform HybridAnalysis. Experimental results show the effectiveness of the method.
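As an added illustration of the kind of "data refinement" step the abstract describes (not MalGTA's own code, and not the paper's query optimization strategy), the following Python reduces a Cuckoo-style report to a compact, ATT&CK-tagged summary suitable for an LLM prompt: low-severity and duplicate signatures are dropped, raw API-call traces are collapsed into per-API counts, and each retained technique is mapped to its ATT&CK tactics. The report layout, the sample report and the small technique-to-tactic table are all constructed assumptions.

```python
"""Refine a Cuckoo-style report into a compact, ATT&CK-tagged summary for an LLM prompt."""
import json
from collections import Counter

# Constructed technique -> tactic table: real ATT&CK IDs, but only a small subset.
TECHNIQUE_TACTICS = {
    "T1055": ["defense-evasion", "privilege-escalation"],
    "T1547.001": ["persistence", "privilege-escalation"],
    "T1059.001": ["execution"],
    "T1082": ["discovery"],
}

# Constructed sample shaped like a Cuckoo 2.x JSON report (field layout is an assumption).
SAMPLE_REPORT = {
    "signatures": [
        {"name": "injection_runpe", "severity": 3, "ttp": {"T1055": {"short": "Process Injection"}}},
        {"name": "persistence_autorun", "severity": 3, "ttp": {"T1547.001": {"short": "Registry Run Keys"}}},
        {"name": "antivm_generic_disk", "severity": 1, "ttp": {}},
        {"name": "persistence_autorun", "severity": 3, "ttp": {"T1547.001": {"short": "Registry Run Keys"}}},
    ],
    "behavior": {"processes": [{"process_name": "sample.exe", "calls": [
        {"category": "process", "api": "NtWriteVirtualMemory"},
        {"category": "process", "api": "CreateRemoteThread"},
        {"category": "registry", "api": "RegSetValueExW"},
        {"category": "file", "api": "NtCreateFile"},
        {"category": "file", "api": "NtCreateFile"},
    ]}]},
}

def refine_report(report, min_severity=2):
    """Drop low-severity and duplicate signatures, collapse API calls to counts, attach tactics."""
    seen, techniques, signatures = set(), {}, []
    for sig in report.get("signatures", []):
        if sig["severity"] < min_severity or sig["name"] in seen:
            continue  # noise, or a repeat of a signature already kept
        seen.add(sig["name"])
        signatures.append(sig["name"])
        for tid, meta in sig.get("ttp", {}).items():
            techniques[tid] = {"name": meta.get("short", ""), "tactics": TECHNIQUE_TACTICS.get(tid, [])}
    api_counts = Counter()
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            api_counts[(call["category"], call["api"])] += 1
    tactics = sorted({t for v in techniques.values() for t in v["tactics"]})
    return {"signatures": signatures, "techniques": techniques, "tactics": tactics,
            "api_calls": [{"category": c, "api": a, "count": n} for (c, a), n in sorted(api_counts.items())]}

if __name__ == "__main__":
    print(json.dumps(refine_report(SAMPLE_REPORT), indent=2))
```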