The increasing diversity of malware targeting heterogeneous computing environments poses significant challenges to conventional detection approaches that rely on domain-specific assumptions. In particular, detection models optimized for a single dataset often exhibit limited robustness when applied to data with different structural and behavioral characteristics. This study analyzes the generalization capability of a Long Short-Term Memory (LSTM) model for behavior-based malware detection across multiple domains. A fixed two-layer LSTM architecture is evaluated using one primary dataset, CIC-MalMem-2022, and four additional datasets representing Android applications, Internet of Things network traffic, botnet behavior, and static Windows Portable Executable analysis. Although each dataset undergoes a dataset-specific preprocessing pipeline, all experiments employ an identical model architecture and hyperparameter configuration to ensure consistent and comparable evaluation. Model performance is assessed using standard classification metrics, supported by a single train–test evaluation and five-fold cross-validation to examine performance stability and robustness. The experimental results demonstrate that the LSTM model maintains consistently high detection performance across datasets with diverse characteristics, including both sequential and non-sequential data representations. These findings indicate that the model effectively captures fundamental malware behavior patterns that generalize beyond a single domain, highlighting its potential applicability in heterogeneous cybersecurity environments where cross-domain robustness is required. At the same time, the evaluation is conducted under controlled experimental conditions and does not explicitly address adversarial adaptation or fully dynamic runtime deployment, which should be considered when interpreting the results for practical operational use.
Copyrights © 2026