Cross-Attention Feature Fusion for Interpretable Zero-Day Malware Detection Cybersecurity
Keywords:
Malware Detection, Cross-Attention, Explainable AI, Zero-Day Attacks, Feature Fusion, Cybersecurity
Abstract
The exponential proliferation of sophisticated zero-day malware variants poses critical challenges to traditional signature-based detection systems, necessitating advanced machine learning approaches that combine high-performance classification with transparent decision-making processes. While existing deep learning models achieve remarkable accuracy in malware detection, their black-box nature severely limits adoption in critical cybersecurity applications where interpretability is paramount for threat analysis and incident response. This work presents a novel cross-attention feature fusion architecture integrated with comprehensive explainable artificial intelligence (XAI) techniques for zero-day malware classification and attribution analysis. Our approach employs semantic feature grouping to organize heterogeneous malware characteristics into complementary structural and content-based representations, processed through specialized encoders and fused via multi-head cross-attention mechanisms that enable sophisticated bidirectional information exchange between feature groups. The integrated XAI framework combines Integrated Gradients, SHAP, and LIME techniques to provide both global and local interpretations of classification decisions. Extensive evaluation on large-scale datasets demonstrates exceptional performance: 99.97% accuracy with 0.9999 AUC-ROC on EMBER 2018 (800K samples) and 99.99% accuracy with perfect AUC-ROC on CIC-MalMem-2022 (58.6K samples). Rigorous zero-day evaluation using family-based splitting reveals robust generalization capabilities with minimal performance degradation (0.12% for EMBER 2018, 0.08% for CIC-MalMem-2022) when encountering completely unseen malware families. Ablation studies confirm the critical contribution of cross-attention mechanisms (+0.0277 AUC improvement), while XAI analysis demonstrates high consistency across explanation methods (correlation > 0.84) and provides actionable insights for security analysts.
Our approach uniquely combines state-of-the-art detection performance with comprehensive explainability, advancing interpretable cybersecurity AI systems and enabling transparent threat attribution analysis essential for real-world deployment.
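The family-based splitting mentioned in the abstract can be illustrated with the following added example, which is not code from the paper or its authors. It assumes each malware sample carries a family label; the sample set, family names and function names are constructed for illustration, and the stride-based baseline stands in for an ordinary sample-level split.

```python
import random

# Constructed sample set (sample_id, family, label); not data from the paper.
FAMILIES = ["fam_a", "fam_b", "fam_c", "fam_d", "fam_e"]
SAMPLES = [(f"m{i:03d}", FAMILIES[i // 6], 1) for i in range(30)]
SAMPLES += [(f"b{i:03d}", None, 0) for i in range(30)]  # benign has no family


def family_split(samples, holdout_frac=0.2, seed=0):
    """Hold out whole families so every test malware family is unseen in training."""
    rng = random.Random(seed)
    families = sorted({fam for _, fam, _ in samples if fam is not None})
    rng.shuffle(families)
    held = set(families[:max(1, round(len(families) * holdout_frac))])
    train, test = [], []
    for sample in samples:
        fam = sample[1]
        if fam is None:  # benign files are split at the sample level
            to_test = rng.random() < holdout_frac
        else:            # malware follows its family, never split across sides
            to_test = fam in held
        (test if to_test else train).append(sample)
    return train, test, held


def sample_level_split(samples, every=5):
    """Baseline: every k-th sample goes to test, ignoring family membership."""
    test = samples[::every]
    train = [s for i, s in enumerate(samples) if i % every]
    return train, test


def leaked_families(train, test):
    """Families with samples on both sides, i.e. not zero-day for the model."""
    def fams(part):
        return {fam for _, fam, _ in part if fam is not None}
    return fams(train) & fams(test)


if __name__ == "__main__":
    tr, te, held = family_split(SAMPLES)
    print("held-out families:", held, "leak:", leaked_families(tr, te))
    tr, te = sample_level_split(SAMPLES)
    print("sample-level leak:", sorted(leaked_families(tr, te)))
```

A non-empty result from `leaked_families` means the reported test score measures recognition of known families, not generalization to unseen ones.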
Published
2026-01-03
How to Cite
Aljarrah, N., Shehadeh, H. H., Obeidat, R. A., & Tawfik, M. (2026). Cross-Attention Feature Fusion for Interpretable Zero-Day Malware Detection Cybersecurity. Statistics, Optimization & Information Computing. https://doi.org/10.19139/soic-2310-5070-2900
Section
Research Articles
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).