Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection

In recent years, deep learning gained proliferating popularity in the cybersecurity application domain, since when being compared to traditional machine learning methods, it usually involves less human efforts, produces better results, and provides better generalizability. However, the imbalanced da...

Bibliographic Details
Main authors: Wang, Haizhou, Singhal, Anoop, Liu, Peng
Format: Online Article Text
Language: English
Published: Springer Nature Singapore 2023
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9813250/
https://www.ncbi.nlm.nih.gov/pubmed/36620350
http://dx.doi.org/10.1186/s42400-022-00135-8
collection PubMed
description In recent years, deep learning gained proliferating popularity in the cybersecurity application domain, since when being compared to traditional machine learning methods, it usually involves less human efforts, produces better results, and provides better generalizability. However, the imbalanced data issue is very common in cybersecurity, which can substantially deteriorate the performance of the deep learning models. This paper introduces a transfer learning based method to tackle the imbalanced data issue in cybersecurity using return-oriented programming payload detection as a case study. We achieved 0.0290 average false positive rate, 0.9705 average F1 score and 0.9521 average detection rate on 3 different target domain programs using 2 different source domain programs, with 0 benign training data sample in the target domain. The performance improvement compared to the baseline is a trade-off between false positive rate and detection rate. Using our approach, the total number of false positives is reduced by 23.16%, and as a trade-off, the number of detected malicious samples decreases by 0.68%.
format Online
Article
Text
id pubmed-9813250
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher Springer Nature Singapore
record_format MEDLINE/PubMed
spelling pubmed-9813250 2023-01-06 Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection Wang, Haizhou Singhal, Anoop Liu, Peng Cybersecur (Singap) Research Springer Nature Singapore 2023-01-05 2023 /pmc/articles/PMC9813250/ /pubmed/36620350 http://dx.doi.org/10.1186/s42400-022-00135-8 Text en © The Author(s) 2023 https://creativecommons.org/licenses/by/4.0/ Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.
The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit https://creativecommons.org/licenses/by/4.0/.
title Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection
topic Research