Strengthening Anti-Malware Defenses with Artificial Intelligence

• In response to the proliferation of malware, Orange is offering tailored solutions powered by AI. This includes two projects developed by Orange Research.

• The Maldive project is a comprehensive malware detection and analysis pipeline.

• The Merlin project tests the effectiveness of detection systems by feeding them malware that it has modified.

Every second, 3.2 new pieces of malware and/or potentially unwanted applications[1] (PUA) are discovered worldwide. The threat posed by malware is not new, but it continues to grow in scale and sophistication, especially with the possibilities opened by generative AI.
Orange is helping to combat this threat with two innovative tools.

A versatile and high-performance analysis system

The first, Maldive, consists of a complete malware detection and analysis pipeline. It integrates an analysis module (MalID), a database storing malicious files and associated analysis reports (Malika), and a web interface allowing users to interact with the two previous components.

MalID, which forms the core of the solution, relies on static, dynamic, and AI-based analysis mechanisms to break down and scrutinize input files. The output is a comprehensive report that serves as a detailed profile of the malicious file—including its nature, metadata, behavioral information, and more—accessible and actionable by malware and cybersecurity analysts.

This pipeline, currently in the prototype stage, delivers performance levels comparable to those of commercial solutions. Notably, it achieves a detection and classification accuracy rate of 90% to 95% on test sets, with analysis times under one minute (for static and AI analysis). Its uniqueness is evident in other aspects as well.

Sovereignty and scalability

Already, Maldive offers the advantage of consolidating and centralizing functions that are often fragmented: everything the analyst needs is within the tool. Above all, “its major added value lies in its sovereign code,” explains Benjamin Marais, Research Engineer. “We maintain control over the end-to-end pipeline and can thus avoid any dependence on external analytics platforms. This is important in terms of data control, and for our ability to iteratively enhance the product as threats and user expectations evolve. In this regard, our 2026 roadmap specifically includes considerations regarding the explainability of the models we develop, a key challenge for fostering adoption of the solution by domain experts.”

Merlin: a dash of alchemy in malware

The second innovation, Merlin, puts forward a bold proposal: using AI to modify the structure of malware and attempt to make it invisible to a detection system, to test the system’s resilience.

“The project, which stems from a research question, has yielded compelling results that have piqued the interest of the DSEC [Orange Group Security Division] for use in testing the effectiveness of antivirus software,” explains Tony Quertier, Senior Researcher and AI & Cyber Technical Lead.

“Because the ultimate goal lies exclusively in auditing and benchmarking market solutions and the models on which they are based, to guide decision-making.”

But how does Merlin work? “We use reinforcement learning,” Tony continues. “To put it simply, the program performs an action, checks if it is successful, and is rewarded if it is. We defined a series of actions the algorithm could take, and it learned and retained the most effective ones—that is, what needs to be added to the malware so it is no longer detected.”

From Research to Deployment

Orange is testing the robustness of its Merlin solution with HarfangLab, a French cybersecurity specialist, regularly expanding and refining the catalog of modification actions.

After proving itself in a laboratory environment, Maldive could soon move to a real-world operational setting, as discussions on use-case studies are underway within the Orange Group. Stay tuned!

[1] Source: https://portal.av-atlas.org/
