Transfer learning with XAI for robust malware and IoT network security
Abstract Malware that exploits user privacy has increased in recent decades, and this trend has been linked to shifting international regulations, the expansion of Internet services, and the growth of electronic commerce. Furthermore, it is very challenging to detect privacy malware that uses obfusc...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2025-07-01
|
| Series: | Scientific Reports |
| Subjects: | |
| Online Access: | https://doi.org/10.1038/s41598-025-12404-w |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849766753060519936 |
|---|---|
| author | Ahmad Almadhor Shtwai Alsubai Natalia Kryvinska Abdullah Al Hejaili Belgacem Bouallegue Mohamed Ayari Sidra Abbas |
| author_facet | Ahmad Almadhor Shtwai Alsubai Natalia Kryvinska Abdullah Al Hejaili Belgacem Bouallegue Mohamed Ayari Sidra Abbas |
| author_sort | Ahmad Almadhor |
| collection | DOAJ |
| description | Abstract Malware that exploits user privacy has increased in recent decades, and this trend has been linked to shifting international regulations, the expansion of Internet services, and the growth of electronic commerce. Furthermore, it is very challenging to detect privacy malware that uses obfuscation as an evasion tactic due to its behaviour, resilience, and adaptability during runtime. Forensic techniques, such as memory dumping analysis, must be used to enable a system to identify and classify patterns and behaviours that facilitate its eventual identification. This research developed a deep learning model for malware classification on an obfuscated malware dataset, called the MalwareMemoryDump dataset. It implemented transfer learning (TL) to adapt the trained model to NF-TON-IoT and UNSW-NB15, improving intrusion detection in IoT and network traffic. We conducted extensive experiments showing improved accuracy and efficiency in cross-domain detection scenarios. Further, we demonstrate that transfer learning minimises training time and computational requirements compared to training separate models from scratch. Additionally, it offers XAI-based explainability to enhance model transparency and interoperability. We demonstrated the effectiveness of the proposed model in handling diverse heterogeneous cybersecurity threats across memory-based malware analysis, IoT security, and traditional network intrusion detection. The effectiveness of the proposed methodology is evaluated using several key metrics to demonstrate its advantages over conventional methods. Experimental findings show that the proposed framework attains 99.9% accuracy on the MalwareMemoryDump dataset, 96% on the NF-Ton-IoT dataset and UNSW-NB15 datasets. Because of its innovative methodology and ability to generalise datasets, the model is a highly effective approach that outperforms many of the most recent malware detection and other security techniques. |
| format | Article |
| id | doaj-art-ae691062bd824fcaa5437af95c2a5ff7 |
| institution | DOAJ |
| issn | 2045-2322 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Nature Portfolio |
| record_format | Article |
| series | Scientific Reports |
| spelling | doaj-art-ae691062bd824fcaa5437af95c2a5ff72025-08-20T03:04:29ZengNature PortfolioScientific Reports2045-23222025-07-0115112110.1038/s41598-025-12404-wTransfer learning with XAI for robust malware and IoT network securityAhmad Almadhor0Shtwai Alsubai1Natalia Kryvinska2Abdullah Al Hejaili3Belgacem Bouallegue4Mohamed Ayari5Sidra Abbas6Department of Computer Engineering and Networks, College of Computer and Information Sciences, Jouf UniversityCollege of Computer Engineering and Sciences, Prince Sattam bin Abdulaziz UniversityDepartment of Information Management and Business Systems, Comenius University BratislavaComputer Science Department, Faculty of Computers and Information Technology, University of TabukDepartment of Computer Engineering, College of Computer Science, King Khalid UniversityDepartment of Information Technology, Faculty of Computing and Information Technology, Northern Border UniversityDepartment of Computer Engineering, COMSATS University IslamabadAbstract Malware that exploits user privacy has increased in recent decades, and this trend has been linked to shifting international regulations, the expansion of Internet services, and the growth of electronic commerce. Furthermore, it is very challenging to detect privacy malware that uses obfuscation as an evasion tactic due to its behaviour, resilience, and adaptability during runtime. Forensic techniques, such as memory dumping analysis, must be used to enable a system to identify and classify patterns and behaviours that facilitate its eventual identification. This research developed a deep learning model for malware classification on an obfuscated malware dataset, called the MalwareMemoryDump dataset. It implemented transfer learning (TL) to adapt the trained model to NF-TON-IoT and UNSW-NB15, improving intrusion detection in IoT and network traffic. We conducted extensive experiments showing improved accuracy and efficiency in cross-domain detection scenarios. Further, we demonstrate that transfer learning minimises training time and computational requirements compared to training separate models from scratch. Additionally, it offers XAI-based explainability to enhance model transparency and interoperability. We demonstrated the effectiveness of the proposed model in handling diverse heterogeneous cybersecurity threats across memory-based malware analysis, IoT security, and traditional network intrusion detection. The effectiveness of the proposed methodology is evaluated using several key metrics to demonstrate its advantages over conventional methods. Experimental findings show that the proposed framework attains 99.9% accuracy on the MalwareMemoryDump dataset, 96% on the NF-Ton-IoT dataset and UNSW-NB15 datasets. Because of its innovative methodology and ability to generalise datasets, the model is a highly effective approach that outperforms many of the most recent malware detection and other security techniques.https://doi.org/10.1038/s41598-025-12404-wMemory dump analysisTransfer learningIntrusion detection systemDeep neural networksShapley additive explanationsMalware attacks |
| spellingShingle | Ahmad Almadhor Shtwai Alsubai Natalia Kryvinska Abdullah Al Hejaili Belgacem Bouallegue Mohamed Ayari Sidra Abbas Transfer learning with XAI for robust malware and IoT network security Scientific Reports Memory dump analysis Transfer learning Intrusion detection system Deep neural networks Shapley additive explanations Malware attacks |
| title | Transfer learning with XAI for robust malware and IoT network security |
| title_full | Transfer learning with XAI for robust malware and IoT network security |
| title_fullStr | Transfer learning with XAI for robust malware and IoT network security |
| title_full_unstemmed | Transfer learning with XAI for robust malware and IoT network security |
| title_short | Transfer learning with XAI for robust malware and IoT network security |
| title_sort | transfer learning with xai for robust malware and iot network security |
| topic | Memory dump analysis Transfer learning Intrusion detection system Deep neural networks Shapley additive explanations Malware attacks |
| url | https://doi.org/10.1038/s41598-025-12404-w |
| work_keys_str_mv | AT ahmadalmadhor transferlearningwithxaiforrobustmalwareandiotnetworksecurity AT shtwaialsubai transferlearningwithxaiforrobustmalwareandiotnetworksecurity AT nataliakryvinska transferlearningwithxaiforrobustmalwareandiotnetworksecurity AT abdullahalhejaili transferlearningwithxaiforrobustmalwareandiotnetworksecurity AT belgacembouallegue transferlearningwithxaiforrobustmalwareandiotnetworksecurity AT mohamedayari transferlearningwithxaiforrobustmalwareandiotnetworksecurity AT sidraabbas transferlearningwithxaiforrobustmalwareandiotnetworksecurity |