Cyber-threat detection system using a hybrid approach of transfer learning and multi-model image representation

Ullah, Farhan ORCID logoORCID: https://orcid.org/0000-0002-1030-1275, Ullah, Shamsher, Naeem, Muhammad Rashid, Mostarda, Leonardo, Rho, Seungmin and Cheng, Xiaochun ORCID logoORCID: https://orcid.org/0000-0003-0371-9646 (2022) Cyber-threat detection system using a hybrid approach of transfer learning and multi-model image representation. Sensors, 22 (15) , e5883. pp. 1-26. ISSN 1424-8220 [Article] (doi:10.3390/s22155883)

[img]
Preview
PDF - Published version (with publisher's formatting)
Available under License Creative Commons Attribution 4.0.

Download (2MB) | Preview

Abstract

Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach.

Item Type: Article
Additional Information: This article belongs to the Special Issue Cybersecurity Issues in Smart Grids and Future Power Systems
Keywords (uncontrolled): malware detection, malware visualization, transfer learning, network traffic, explainable AI, cyber security
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 35533
Notes on copyright: Copyright: © 2022 by the authors. Licensee MDPI, Basel, Switzerland.
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0)
Useful Links:
Depositing User: Jisc Publications Router
Date Deposited: 09 Aug 2022 08:11
Last Modified: 01 Sep 2022 14:56
URI: https://eprints.mdx.ac.uk/id/eprint/35533

Actions (login required)

View Item View Item

Statistics

Activity Overview
6 month trend
3Downloads
6 month trend
8Hits

Additional statistics are available via IRStats2.