[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-85158-en":3,"doc-seo-85158-105":29,"detail-sidebar-cat-0-en-105":83},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},85158,1374391974468,"Eden","https://ap-avatar.wpscdn.com/davatar_29158cc5080c5b710cf443261637dec0",8,"Research & Report","SMETA-ZSL: Semantic Meta-Alignment for Zero-Shot Threat Classification","Cybersecurity systems must adapt quickly to newly emerging threats, yet labeled data for new categories is often unavailable at first appearance. Generalized zero-shot learning addresses this by recognizing unseen classes using auxiliary semantic knowledge instead of labeled examples. SMETA-ZSL leverages large language models to transform unstructured CTI reports into semantic prototypes, while handling semantic overlap, cross-modal heterogeneity, severe class imbalance, and open-set conditions. Experiments on 7 benchmarks show state-of-the-art generalized zero-shot performance, improving average results by 10.8 points and up to 18.1.","arXiv :2607 .09936v 1 [ cs .LG] 10 Jul 2026  \nSMETA-ZSL: Semantic Meta-Alignment for Zero-Shot Threat Classification  \nIvan Alejandro Montoya Sanchez, Anantaa Kotal, Aritran Piplai  \nThe University of Texas at El Paso 500 W. University Avenue El Paso, TX 79968, USA  \n[iamontoyasa@miners.utep.edu](iamontoyasa@miners.utep.edu) , {akotal,[apiplai](apiplai}@utep.edu)[}](apiplai}@utep.edu)[@utep.edu](apiplai}@utep.edu)  \nAbstract  \nCybersecurity systems must adapt rapidly to emerging threats. However, labeled data for new threat categories is unavailable when those threats first appear. Generalized zero-shot learning offers a natural solution by enabling recognition of unseen classes through auxiliary semantic knowledge rather than labeled examples. Large language models are particularly promising in this setting because they can convert unstructured CTI reports into semantic prototypes for emerging threats. However, applying language-driven zero-shot learning to cybersecurity is difficult due to strong semantic overlap between threat descriptions, heterogeneity between behavioral attributes and text, severe class imbalance, and open-set conditions where unseen threats are unknown during training. We propose SMETA-ZSL, that learns semantic prototypes from overlapping language descriptions through contrastive finetuning, aligns behavioral features through episodic meta-learning and knowledge distillation, and performs adaptive routing for generalization across seen-unseen classes. Across 7 benchmarks, SMETA-ZSL delivers the strongest overall generalized zeroshot performance under the strictest inductive setting, surpassing prior methods by 10.8 points on average, with gains up to 18.1 points. Github:  \n[https://github.com/Security-And-Intelligence-Lab-UTEP/SMETA-ZSL](https://github.com/Security-And-Intelligence-Lab-UTEP/SMETA-ZSL)  \n1 Introduction  \nCyber defense systems rely on large amounts of raw data, such as malware samples or logs, to train and update models, yet this data is often difficult to obtain, slow to analyze, and not always available when new threats emerge. Consider the task of malware classification: the continuous emergence of new variants and families (Tang et al., 2023) necessitates frequent retraining of classifiers, imposing significant computational overhead (Li et al., 2024a) and making it difficult to obtain timely, labeled data for adapting models to new threats (Barros et al., 2022; Aurna et al., 2025) . In contrast, Cyber Threat Intelligence (CTI) reports are regularly published by analysts and provide timely natural language descriptions of attacker behavior. However, most defense systems do not operate over natural language, and therefore cannot directly use CTI to adapt or update their behavior, leaving valuable intelligence underutilized. Large Language Models (LLMs) offer a way to process CTI and extract information that can be used by downstream systems. Prior work (Chakraborty et al., 2026; Mitra et al., 2025; Bertiger et al., 2025; Schwartz et al., 2025) has largely focused on using LLMs to generate rule-based defenses. In contrast, leveraging CTI to update data-driven, black-box machine learning systems is significantly more difficult, as it requires converting textual descriptions into signals that can influence model behavior without access to raw data. This gap creates an important language modeling problem: can language models convert unstructured threat reports into representations that are useful for updating non-linguistic machine learning systems, even when no labeled examples of the new threat exist? Directly using LLMs for zero-shot malware or attack detection is challenging because cybersecurity artifacts are often too large to analyze in full, making inference costly and frequently exceeding practical context-window limits (Qian et al., 2025) . Truncating these artifacts into abstract  \nfeatures degrades performance (Zhou et al., 2024) . Instead, the goal is to extract and transfer k","cbCaidKGXpMn7Zof","https://ap.wps.com/l/cbCaidKGXpMn7Zof","pdf",853325,1,17,"English","en",105,"# Introduction\n## Problem Motivation\n## Generalized Zero-Shot Learning Formulation\n## Key Challenges\n# Proposed Method\n## Semantic Meta-Alignment (SMETA-ZSL)\n## Contrastive Finetuning and Prototyping\n## Episodic Meta-Learning and Knowledge Distillation\n## Adaptive Routing for Seen-Unseen Generalization","[{\"question\":\"What techniques does SMETA-ZSL introduce to improve alignment and generalization?\",\"answer\":\"SMETA-ZSL learns semantic prototypes from overlapping language descriptions using contrastive finetuning, aligns behavioral features through episodic meta-learning and knowledge distillation, and applies adaptive routing to generalize across seen and unseen classes.\"}]",1784201453,43,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":78,"head_meta":80,"extra_data":82,"updated_unix":27},"smeta-zsl-semantic-meta-alignment-for-zero-shot-threat-classification","",{"@graph":35,"@context":77},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/research-report/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/smeta-zsl-semantic-meta-alignment-for-zero-shot-threat-classification/85158/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-17","2026-07-16",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71],{"name":72,"@type":73,"acceptedAnswer":74},"What techniques does SMETA-ZSL introduce to improve alignment and generalization?","Question",{"text":75,"@type":76},"SMETA-ZSL learns semantic prototypes from overlapping language descriptions using contrastive finetuning, aligns behavioral features through episodic meta-learning and knowledge distillation, and applies adaptive routing to generalize across seen and unseen classes.","Answer","https://schema.org",{"og:url":51,"og:type":79,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":81,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":84},[85,89,93,97,102,107,112,115,120,123,127],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":86,"show_sort_weight":87,"slug":88},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":90,"show_sort_weight":91,"slug":92},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Exam",70,"exam",{"id":98,"doc_module":4,"doc_module_name":45,"category_name":99,"show_sort_weight":100,"slug":101},5,"Comic",60,"comic",{"id":103,"doc_module":4,"doc_module_name":45,"category_name":104,"show_sort_weight":105,"slug":106},6,"Technology",50,"technology",{"id":108,"doc_module":4,"doc_module_name":45,"category_name":109,"show_sort_weight":110,"slug":111},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":113,"slug":114},30,"research-report",{"id":116,"doc_module":4,"doc_module_name":45,"category_name":117,"show_sort_weight":118,"slug":119},9,"Religion & Spirituality",20,"religion-spirituality",{"id":118,"doc_module":4,"doc_module_name":45,"category_name":121,"show_sort_weight":118,"slug":122},"World Cup","world-cup",{"id":124,"doc_module":4,"doc_module_name":45,"category_name":125,"show_sort_weight":124,"slug":126},10,"Lifestyle","lifestyle",{"id":128,"doc_module":4,"doc_module_name":45,"category_name":129,"show_sort_weight":98,"slug":130},19,"General","general"]