Transfer learning with XAI for robust malware and IoT network security.

Journal: Scientific reports
Published Date: Jul 24, 2025

Abstract

Malware that exploits user privacy has increased in recent decades, and this trend has been linked to shifting international regulations, the expansion of Internet services, and the growth of electronic commerce. Furthermore, it is very challenging to detect privacy malware that uses obfuscation as an evasion tactic due to its behaviour, resilience, and adaptability during runtime. Forensic techniques, such as memory dumping analysis, must be used to enable a system to identify and classify patterns and behaviours that facilitate its eventual identification. This research developed a deep learning model for malware classification on an obfuscated malware dataset, called the MalwareMemoryDump dataset. It implemented transfer learning (TL) to adapt the trained model to NF-TON-IoT and UNSW-NB15, improving intrusion detection in IoT and network traffic. We conducted extensive experiments showing improved accuracy and efficiency in cross-domain detection scenarios. Further, we demonstrate that transfer learning minimises training time and computational requirements compared to training separate models from scratch. Additionally, it offers XAI-based explainability to enhance model transparency and interoperability. We demonstrated the effectiveness of the proposed model in handling diverse heterogeneous cybersecurity threats across memory-based malware analysis, IoT security, and traditional network intrusion detection. The effectiveness of the proposed methodology is evaluated using several key metrics to demonstrate its advantages over conventional methods. Experimental findings show that the proposed framework attains 99.9% accuracy on the MalwareMemoryDump dataset, 96% on the NF-Ton-IoT dataset and UNSW-NB15 datasets. Because of its innovative methodology and ability to generalise datasets, the model is a highly effective approach that outperforms many of the most recent malware detection and other security techniques.

Authors

  • Ahmad Almadhor
    Department of Computer Engineering and Networks, College of Computer and Information Sciences, Jouf University, Sakaka, Saudi Arabia.
  • Shtwai Alsubai
    Department of Computer Science, College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Al-Kharj, Saudi Arabia.
  • Natalia Kryvinska
    Information Systems Department, Faculty of Management, Comenius University in Bratislava, Odbojárov 10, 82005, Bratislava 25, Slovakia. natalia.kryvinska@fm.uniba.sk.
  • Abdullah Al Hejaili
    Faculty of Computers & Information Technology, Computer Science Department, University of Tabuk, Tabuk, Saudi Arabia.
  • Belgacem Bouallegue
    Department of Computer Engineering, College of Computer Science, King Khalid University, ABHA, 61421, Saudi Arabia.
  • Mohamed Ayari
    Department of Information Technology, Faculty of Computing and Information Technology, Northern Border University, Arar, Saudi Arabia.
  • Sidra Abbas
    Department of Computer Science, COMSATS University, Sahiwal, Pakistan.

Keywords

No keywords available for this article.

External Resources

Popular Topics
Recent Journals