Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection

Haizhou Wang, Anoop Singhal, Peng Liu

Research output: Contribution to journalArticlepeer-review

3 Scopus citations

Abstract

In recent years, deep learning gained proliferating popularity in the cybersecurity application domain, since when being compared to traditional machine learning methods, it usually involves less human efforts, produces better results, and provides better generalizability. However, the imbalanced data issue is very common in cybersecurity, which can substantially deteriorate the performance of the deep learning models. This paper introduces a transfer learning based method to tackle the imbalanced data issue in cybersecurity using return-oriented programming payload detection as a case study. We achieved 0.0290 average false positive rate, 0.9705 average F1 score and 0.9521 average detection rate on 3 different target domain programs using 2 different source domain programs, with 0 benign training data sample in the target domain. The performance improvement compared to the baseline is a trade-off between false positive rate and detection rate. Using our approach, the total number of false positives is reduced by 23.16%, and as a trade-off, the number of detected malicious samples decreases by 0.68%.

Original languageEnglish (US)
Article number2
JournalCybersecurity
Volume6
Issue number1
DOIs
StatePublished - Dec 2023

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Computer Networks and Communications
  • Artificial Intelligence

Fingerprint

Dive into the research topics of 'Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection'. Together they form a unique fingerprint.

Cite this