Journal article 41 views 15 downloads
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation
Farhan Ullah 
,
Shamsher Ullah,
Muhammad Rashid Naeem ,
Leonardo Mostarda ,
Seungmin Rho ,
Cheng Cheng
,
Shamsher Ullah,
Muhammad Rashid Naeem ,
Leonardo Mostarda ,
Seungmin Rho ,
Cheng Cheng
Sensors, Volume: 22, Issue: 15, Start page: 5883
Swansea University Author:
Cheng Cheng
-
PDF | Version of Record
© 2022 by the authors. This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY) license.
Download (7.21MB)
DOI (Published version): 10.3390/s22155883
Abstract
Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on w...
| Published in: | Sensors |
|---|---|
| ISSN: | 1424-8220 |
| Published: |
MDPI AG
2022
|
| Online Access: |
Check full text
|
| URI: | https://cronfa.swan.ac.uk/Record/cronfa67671 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| first_indexed |
2024-10-24T14:31:18Z |
|---|---|
| last_indexed |
2024-10-24T14:31:18Z |
| id |
cronfa67671 |
| recordtype |
SURis |
| fullrecord |
<?xml version="1.0" encoding="utf-8"?><rfc1807 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><bib-version>v2</bib-version><id>67671</id><entry>2024-09-12</entry><title>Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation</title><swanseaauthors><author><sid>11ddf61c123b99e59b00fa1479367582</sid><ORCID>0000-0003-0371-9646</ORCID><firstname>Cheng</firstname><surname>Cheng</surname><name>Cheng Cheng</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2024-09-12</date><deptcode>MACS</deptcode><abstract>Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach.</abstract><type>Journal Article</type><journal>Sensors</journal><volume>22</volume><journalNumber>15</journalNumber><paginationStart>5883</paginationStart><paginationEnd/><publisher>MDPI AG</publisher><placeOfPublication/><isbnPrint/><isbnElectronic/><issnPrint/><issnElectronic>1424-8220</issnElectronic><keywords>malware detection; malware visualization; transfer learning; network traffic; explainable AI; cyber security</keywords><publishedDay>6</publishedDay><publishedMonth>8</publishedMonth><publishedYear>2022</publishedYear><publishedDate>2022-08-06</publishedDate><doi>10.3390/s22155883</doi><url/><notes/><college>COLLEGE NANME</college><department>Mathematics and Computer Science School</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>MACS</DepartmentCode><institution>Swansea University</institution><apcterm>Another institution paid the OA fee</apcterm><funders>This research received no external funding.</funders><projectreference/><lastEdited>2024-10-24T15:33:41.0054301</lastEdited><Created>2024-09-12T14:48:57.0623759</Created><path><level id="1">Faculty of Science and Engineering</level><level id="2">School of Mathematics and Computer Science - Computer Science</level></path><authors><author><firstname>Farhan</firstname><surname>Ullah</surname><orcid>0000-0002-1030-1275</orcid><order>1</order></author><author><firstname>Shamsher</firstname><surname>Ullah</surname><order>2</order></author><author><firstname>Muhammad Rashid</firstname><surname>Naeem</surname><orcid>0000-0003-2341-0443</orcid><order>3</order></author><author><firstname>Leonardo</firstname><surname>Mostarda</surname><orcid>0000-0001-8852-8317</orcid><order>4</order></author><author><firstname>Seungmin</firstname><surname>Rho</surname><orcid>0000-0003-1936-6785</orcid><order>5</order></author><author><firstname>Cheng</firstname><surname>Cheng</surname><orcid>0000-0003-0371-9646</orcid><order>6</order></author></authors><documents><document><filename>67671__32706__24a8a08f297d46fba3e71c1cd913a9c3.pdf</filename><originalFilename>67671.VoR.pdf</originalFilename><uploaded>2024-10-24T15:32:29.4472931</uploaded><type>Output</type><contentLength>7563932</contentLength><contentType>application/pdf</contentType><version>Version of Record</version><cronfaStatus>true</cronfaStatus><documentNotes>© 2022 by the authors. This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY) license.</documentNotes><copyrightCorrect>true</copyrightCorrect><language>eng</language><licence>https://creativecommons.org/licenses/by/4.0/</licence></document></documents><OutputDurs/></rfc1807> |
| spelling |
v2 67671 2024-09-12 Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation 11ddf61c123b99e59b00fa1479367582 0000-0003-0371-9646 Cheng Cheng Cheng Cheng true false 2024-09-12 MACS Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach. Journal Article Sensors 22 15 5883 MDPI AG 1424-8220 malware detection; malware visualization; transfer learning; network traffic; explainable AI; cyber security 6 8 2022 2022-08-06 10.3390/s22155883 COLLEGE NANME Mathematics and Computer Science School COLLEGE CODE MACS Swansea University Another institution paid the OA fee This research received no external funding. 2024-10-24T15:33:41.0054301 2024-09-12T14:48:57.0623759 Faculty of Science and Engineering School of Mathematics and Computer Science - Computer Science Farhan Ullah 0000-0002-1030-1275 1 Shamsher Ullah 2 Muhammad Rashid Naeem 0000-0003-2341-0443 3 Leonardo Mostarda 0000-0001-8852-8317 4 Seungmin Rho 0000-0003-1936-6785 5 Cheng Cheng 0000-0003-0371-9646 6 67671__32706__24a8a08f297d46fba3e71c1cd913a9c3.pdf 67671.VoR.pdf 2024-10-24T15:32:29.4472931 Output 7563932 application/pdf Version of Record true © 2022 by the authors. This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY) license. true eng https://creativecommons.org/licenses/by/4.0/ |
| title |
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation |
| spellingShingle |
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation Cheng Cheng |
| title_short |
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation |
| title_full |
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation |
| title_fullStr |
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation |
| title_full_unstemmed |
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation |
| title_sort |
Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation |
| author_id_str_mv |
11ddf61c123b99e59b00fa1479367582 |
| author_id_fullname_str_mv |
11ddf61c123b99e59b00fa1479367582_***_Cheng Cheng |
| author |
Cheng Cheng |
| author2 |
Farhan Ullah Shamsher Ullah Muhammad Rashid Naeem Leonardo Mostarda Seungmin Rho Cheng Cheng |
| format |
Journal article |
| container_title |
Sensors |
| container_volume |
22 |
| container_issue |
15 |
| container_start_page |
5883 |
| publishDate |
2022 |
| institution |
Swansea University |
| issn |
1424-8220 |
| doi_str_mv |
10.3390/s22155883 |
| publisher |
MDPI AG |
| college_str |
Faculty of Science and Engineering |
| hierarchytype |
|
| hierarchy_top_id |
facultyofscienceandengineering |
| hierarchy_top_title |
Faculty of Science and Engineering |
| hierarchy_parent_id |
facultyofscienceandengineering |
| hierarchy_parent_title |
Faculty of Science and Engineering |
| department_str |
School of Mathematics and Computer Science - Computer Science{{{_:::_}}}Faculty of Science and Engineering{{{_:::_}}}School of Mathematics and Computer Science - Computer Science |
| document_store_str |
1 |
| active_str |
0 |
| description |
Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach. |
| published_date |
2022-08-06T15:33:39Z |
| _version_ |
1813806232729812992 |
| score |
11.035634 |