Result: A Hybrid Approach to Malware Detection: Integrating YARA-Based Signature Matching with Machine Learning Classification
Further information
This work presents a hybrid malware detection system that integrates YARA-based signature matching with machine learning classification to effectively identify both known and unknown malware threats. The proposed solution leverages a modular architecture combining a FastAPI backend, RandomForestClassifier for intelligent classification, and YARA for static rule-based detection. The system achieves high performance with 98.1% precision and 96.4% recall, and demonstrates real-time scanning capabilities with an average processing time under 100 milliseconds. Designed for educational use, small-scale deployment, and research purposes, the framework includes a user-friendly interface and complete open-source implementation. This publication includes source code, documentation, datasets, and detailed experimental validation to ensure reproducibility. The project contributes to the cybersecurity community through open science practices and is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0).