Chukwuani, Elvis Nnaemeka and Odunsi, Ololade R and Ikemefuna, Chukwujekwu Damian (2025) Machine learning techniques for real-time malware classification and threat detection in distributed systems. World Journal of Advanced Research and Reviews, 26 (3). pp. 2378-2398. ISSN 2581-9615
Abstract
The proliferation of cyber threats across distributed systems, spanning cloud platforms, edge networks, and Internet-of-Things (IoT) ecosystems, demands robust, adaptive mechanisms for malware classification and real-time threat detection. Traditional signature-based and rule-driven detection systems are increasingly ineffective against rapidly evolving threats such as polymorphic malware and zero-day attacks. This study explores the application of advanced machine learning (ML) techniques to build a scalable, real-time malware classification and threat detection framework tailored to distributed environments. It integrates supervised learning models, including Random Forests, Support Vector Machines (SVM), and Gradient Boosting, with deep learning architectures such as Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks to extract temporal, behavioral, and structural features from system logs, network flows, and executable binaries. A hybrid ensemble approach improves generalization across diverse data sources, while online learning enables continuous model updates from live threat intelligence feeds. The framework is deployed within a decentralized monitoring architecture that supports federated learning, which keeps raw training data on the distributed endpoints for privacy while maintaining high detection accuracy. Evaluated on benchmark datasets (CICIDS, EMBER, and custom-labeled logs from industrial control systems), the framework achieved a detection accuracy exceeding 96% and a low false-positive rate under real-time constraints. Notably, the model exhibited resilience to adversarial evasion tactics through adaptive retraining mechanisms. The proposed system not only automates threat classification but also enables anomaly detection and threat prioritization for security analysts.

This research underscores the growing utility of ML-driven security solutions in managing the complex threat landscape of distributed digital infrastructures.
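The abstract's decentralized, federated-learning deployment can be made concrete with a small worked example. The Python below is an added illustration for this page, not code from the paper (whose implementation is not available here): three simulated endpoints each train a logistic-regression malware classifier on their own constructed feature vectors, and only the model parameters plus a sample count are sent to the aggregator, which performs federated averaging (FedAvg). The feature names and value ranges, the choice of a linear model instead of the paper's ensemble, the per-endpoint class mixes, and every hyperparameter are assumptions made for the demo.

```python
"""Federated averaging (FedAvg) for a small malware classifier.

Added illustration for this page; it is not the paper's code. Three simulated
endpoints each train a logistic-regression classifier on their own constructed
feature vectors. Only (weights, bias, sample_count) leaves an endpoint; the raw
samples never reach the aggregator. Feature names, value ranges, the choice of a
linear model, and all hyperparameters are assumptions made for the demo.
"""
import math
import random

# Assumed per-sample features, each scaled to [0, 1]:
#   entropy/8, suspicious-API ratio, outbound-connection ratio, is_packed
N_FEATURES = 4


def make_endpoint_data(seed, n, p_malware=0.5):
    """Constructed synthetic samples for one endpoint; label 1 = malware.
    p_malware lets endpoints have different class mixes (non-IID data)."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        if rng.random() < p_malware:
            x = [rng.uniform(0.8, 1.0), rng.uniform(0.5, 1.0),
                 rng.uniform(0.3, 1.0), float(rng.random() < 0.8)]
            rows.append((x, 1))
        else:
            x = [rng.uniform(0.3, 0.7), rng.uniform(0.0, 0.3),
                 rng.uniform(0.0, 0.2), float(rng.random() < 0.1)]
            rows.append((x, 0))
    return rows


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def local_train(weights, bias, data, epochs=5, lr=0.5):
    """One endpoint's local update: plain SGD on logistic loss, starting from
    the current global model. Returns the new local model."""
    w, b = list(weights), bias
    for _ in range(epochs):
        for x, y in data:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(N_FEATURES):
                w[i] -= lr * err * x[i]
            b -= lr * err
    return w, b


def fed_avg(updates):
    """Aggregator step: average local models weighted by local sample count.
    `updates` is a list of (weights, bias, n_samples); no samples are passed."""
    total = sum(n for _, _, n in updates)
    w, b = [0.0] * N_FEATURES, 0.0
    for wi, bi, n in updates:
        frac = n / total
        for i in range(N_FEATURES):
            w[i] += frac * wi[i]
        b += frac * bi
    return w, b


def run_federated(endpoints, rounds=5):
    """Full FedAvg loop: broadcast global model, train locally, aggregate."""
    w, b = [0.0] * N_FEATURES, 0.0
    for _ in range(rounds):
        updates = [(*local_train(w, b, data), len(data)) for data in endpoints]
        w, b = fed_avg(updates)
    return w, b


def predict(w, b, x):
    return int(sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) >= 0.5)


def accuracy(w, b, data):
    return sum(predict(w, b, x) == y for x, y in data) / len(data)


def run_demo():
    """Three endpoints with different class mixes; returns held-out accuracy."""
    endpoints = [
        make_endpoint_data(seed=1, n=60, p_malware=0.5),
        make_endpoint_data(seed=2, n=60, p_malware=0.15),  # mostly benign hosts
        make_endpoint_data(seed=3, n=60, p_malware=0.85),  # a honeypot-like node
    ]
    holdout = make_endpoint_data(seed=99, n=80, p_malware=0.5)
    w, b = run_federated(endpoints, rounds=5)
    return accuracy(w, b, holdout)


if __name__ == "__main__":
    print(f"held-out accuracy of the federated model: {run_demo():.2f}")
```

Two points worth noting when reading the abstract's privacy claim against this loop. First, `fed_avg` only ever receives `(weights, bias, n_samples)`, which is what federated learning actually guarantees: raw samples stay on the endpoint. It does not by itself prevent the aggregator from learning about the training data through the updates (membership inference and gradient-leakage attacks are well documented), so production deployments pair FedAvg with secure aggregation or differential privacy. Second, the endpoints deliberately have different class mixes; weighting by sample count is the standard FedAvg rule, and whether it holds up under strongly non-IID endpoints is exactly the kind of thing the paper's evaluation would need to show.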
| Field | Value |
|---|---|
| Item Type | Article |
| Official URL | https://doi.org/10.30574/wjarr.2025.26.3.2433 |
| Uncontrolled Keywords | Real-time threat detection; Machine learning; Malware classification; Distributed systems; Deep learning; Federated learning |
| Date Deposited | 01 Sep 2025 12:11 |
| URI | https://eprint.scholarsrepository.com/id/eprint/4485 |