{"id":"https://openalex.org/W7117875762","doi":"https://doi.org/10.1109/milcom64451.2025.11310010","title":"From Packets to Pixels: A Vision Transformer &amp; Few-Shot Learning Approach to Malicious Network Threat Detection","display_name":"From Packets to Pixels: A Vision Transformer &amp; Few-Shot Learning Approach to Malicious Network Threat Detection","publication_year":2025,"publication_date":"2025-10-06","ids":{"openalex":"https://openalex.org/W7117875762","doi":"https://doi.org/10.1109/milcom64451.2025.11310010"},"language":null,"primary_location":{"id":"doi:10.1109/milcom64451.2025.11310010","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11310010","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113283941","display_name":"K. Stein","orcid":"https://orcid.org/0009-0005-4706-5797"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kyle Stein","raw_affiliation_strings":["Johns Hopkins University,Department of Computer Science,Baltimore,USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University,Department of Computer Science,Baltimore,USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Aron Price","orcid":null},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aron Price","raw_affiliation_strings":["Johns Hopkins University,Department of Computer Science,Baltimore,USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University,Department of Computer Science,Baltimore,USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013998212","display_name":"Justin J. Donato","orcid":"https://orcid.org/0000-0002-1201-7120"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Justin Donato","raw_affiliation_strings":["Johns Hopkins University,Department of Computer Science,Baltimore,USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University,Department of Computer Science,Baltimore,USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121703891","display_name":"Michael Cui","orcid":null},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Cui","raw_affiliation_strings":["Johns Hopkins University,Department of Computer Science,Baltimore,USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University,Department of Computer Science,Baltimore,USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121697461","display_name":"Humberto Ontiveros Garcia","orcid":null},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Humberto Ontiveros Garcia","raw_affiliation_strings":["Johns Hopkins University,Department of Computer Science,Baltimore,USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University,Department of Computer Science,Baltimore,USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035321347","display_name":"Lanier Watkins","orcid":"https://orcid.org/0000-0002-3322-1833"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lanier Watkins","raw_affiliation_strings":["Johns Hopkins University,Department of Computer Science,Baltimore,USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University,Department of Computer Science,Baltimore,USA","institution_ids":["https://openalex.org/I145311948"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5113283941"],"corresponding_institution_ids":["https://openalex.org/I145311948"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.64954157,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.6172000169754028,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.6172000169754028,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.13850000500679016,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.12240000069141388,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5497999787330627},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5292999744415283},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.48249998688697815},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.4722999930381775},{"id":"https://openalex.org/keywords/feature-learning","display_name":"Feature learning","score":0.4715000092983246},{"id":"https://openalex.org/keywords/transformer","display_name":"Transformer","score":0.3970000147819519},{"id":"https://openalex.org/keywords/retraining","display_name":"Retraining","score":0.36809998750686646},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.36070001125335693}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7770000100135803},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.554099977016449},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5497999787330627},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5292999744415283},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.48249998688697815},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.4722999930381775},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.4715000092983246},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46810001134872437},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.3970000147819519},{"id":"https://openalex.org/C2778712577","wikidata":"https://www.wikidata.org/wiki/Q3505966","display_name":"Retraining","level":2,"score":0.36809998750686646},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.36070001125335693},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.3529999852180481},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.35030001401901245},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.3456000089645386},{"id":"https://openalex.org/C183322885","wikidata":"https://www.wikidata.org/wiki/Q17007702","display_name":"Context model","level":3,"score":0.3111000061035156},{"id":"https://openalex.org/C164155591","wikidata":"https://www.wikidata.org/wiki/Q2067766","display_name":"Satisfiability modulo theories","level":2,"score":0.29679998755455017},{"id":"https://openalex.org/C136536468","wikidata":"https://www.wikidata.org/wiki/Q1225894","display_name":"Undersampling","level":2,"score":0.28790000081062317},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.2849000096321106},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.27639999985694885},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.27059999108314514},{"id":"https://openalex.org/C138236772","wikidata":"https://www.wikidata.org/wiki/Q25098575","display_name":"Edge device","level":3,"score":0.26919999718666077},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.2655999958515167},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.25679999589920044},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.2554999887943268},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom64451.2025.11310010","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11310010","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.6338030695915222,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W2800111293","https://openalex.org/W3004414291","https://openalex.org/W3011040471","https://openalex.org/W3120795858","https://openalex.org/W3128356876","https://openalex.org/W3155868884","https://openalex.org/W3199416276","https://openalex.org/W3215966579","https://openalex.org/W4225114726","https://openalex.org/W4306796170","https://openalex.org/W4312384107","https://openalex.org/W4379659755","https://openalex.org/W4382281941","https://openalex.org/W4388019121","https://openalex.org/W4396505479","https://openalex.org/W4400492610","https://openalex.org/W4405104357","https://openalex.org/W4413278044"],"related_works":[],"abstract_inverted_index":{"Deep":[0],"learning":[1,47,203],"excels":[2],"at":[3,60],"deriving":[4],"rich,":[5],"high-dimensional":[6],"features":[7],"from":[8,28],"modalities":[9],"such":[10,49],"as":[11,50,98,137,152],"text,":[12],"audio,":[13],"and":[14,126],"images.":[15],"In":[16,108],"network":[17,96],"security,":[18],"these":[19,56,149],"methods":[20,57],"offer":[21],"a":[22,113,130,138,155,211],"path":[23],"to":[24,67,89,103,159,185,193,195,204,207],"learn":[25],"deep":[26,46],"representations":[27],"the":[29,90,163,176,187,191,215],"vast":[30],"volumes":[31],"of":[32,80,189],"traffic":[33],"that":[34,70,117],"modern":[35],"infrastructures":[36],"carry.":[37],"However,":[38,93],"current":[39],"malware-traffic":[40,217],"analysis":[41],"workflows":[42],"rely":[43],"on":[44,129],"classical":[45],"methods,":[48],"convolutional":[51],"or":[52],"sequential":[53],"architectures.":[54],"While":[55],"are":[58],"effective":[59],"capturing":[61],"local":[62],"byte-sequence":[63],"patterns,":[64],"they":[65],"struggle":[66],"model":[68,192],"dependencies":[69],"span":[71],"long":[72],"packet":[73,150],"flows.":[74],"Transformer":[75,157],"models,":[76],"with":[77],"their":[78],"use":[79],"self-attention,":[81],"help":[82],"address":[83,186],"this":[84,109],"limitation":[85,188],"by":[86],"attending":[87],"globally":[88],"input":[91,106,140,153],"sequence.":[92],"treating":[94],"each":[95],"byte":[97,120],"an":[99],"individual":[100],"token":[101],"leads":[102],"lengthy":[104],"one-dimensional":[105],"sequences.":[107],"paper,":[110],"we":[111,147,200],"introduce":[112,201],"compact,":[114],"image-inspired":[115],"encoding":[116],"converts":[118],"contiguous":[119],"segments":[121],"into":[122,154],"fixed":[123],"patch":[124,135],"sizes":[125],"arranges":[127],"them":[128],"two-dimensional":[131],"grid.":[132],"Each":[133],"resulting":[134],"functions":[136],"single":[139],"token,":[141],"dramatically":[142],"reducing":[143],"sequence":[144],"length.":[145],"Next,":[146],"leverage":[148],"images":[151],"Vision":[156],"(ViT)":[158],"efficiently":[160],"attend":[161],"across":[162,224],"entire":[164],"packet.":[165],"This":[166],"patch-based":[167],"representation":[168],"preserves":[169],"global":[170],"context":[171],"for":[172],"self-attention":[173],"while":[174],"exploiting":[175],"ViT\u2019s":[177],"strength":[178],"in":[179,210],"modeling":[180],"spatially":[181],"structured":[182],"inputs.":[183],"Lastly,":[184],"retraining":[190],"generalize":[194],"newly":[196],"introduced":[197],"malware":[198,226],"classes,":[199],"few-shot":[202],"quickly":[205],"adapt":[206],"novel":[208],"classes":[209],"data-restricted":[212],"environment.":[213],"On":[214],"CIC-IoT23":[216],"dataset,":[218],"our":[219],"approach":[220],"achieves":[221],"impressive":[222],"accuracy":[223],"multiple":[225],"families,":[227],"outperforming":[228],"baseline":[229],"methods.":[230]},"counts_by_year":[],"updated_date":"2026-04-17T18:11:37.981687","created_date":"2026-01-01T00:00:00"}