No Cover Image

Journal article 41 views 15 downloads

Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation

Farhan Ullah Orcid Logo, Shamsher Ullah, Muhammad Rashid Naeem Orcid Logo, Leonardo Mostarda Orcid Logo, Seungmin Rho Orcid Logo, Cheng Cheng Orcid Logo

Sensors, Volume: 22, Issue: 15, Start page: 5883

Swansea University Author: Cheng Cheng Orcid Logo

  • 67671.VoR.pdf

    PDF | Version of Record

    © 2022 by the authors. This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY) license.

    Download (7.21MB)

Check full text

DOI (Published version): 10.3390/s22155883

Abstract

Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on w...

Full description

Published in: Sensors
ISSN: 1424-8220
Published: MDPI AG 2022
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa67671
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract: Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach.
Keywords: malware detection; malware visualization; transfer learning; network traffic; explainable AI; cyber security
College: Faculty of Science and Engineering
Funders: This research received no external funding.
Issue: 15
Start Page: 5883