{"id":"https://openalex.org/W4313590644","doi":"https://doi.org/10.1186/s42400-022-00135-8","title":"Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection","display_name":"Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection","publication_year":2023,"publication_date":"2023-01-05","ids":{"openalex":"https://openalex.org/W4313590644","doi":"https://doi.org/10.1186/s42400-022-00135-8","pmid":"https://pubmed.ncbi.nlm.nih.gov/36620350"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-022-00135-8","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-022-00135-8","pdf_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-022-00135-8","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj","pubmed"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-022-00135-8","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101769226","display_name":"Haizhou Wang","orcid":"https://orcid.org/0000-0002-4130-1833"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Haizhou Wang","raw_affiliation_strings":["College of Information Sciences and Technology, The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088206056","display_name":"Anoop Singhal","orcid":"https://orcid.org/0000-0002-2602-3927"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anoop Singhal","raw_affiliation_strings":["The National Institute of Standards and Technology, Gaithersburg, USA"],"affiliations":[{"raw_affiliation_string":"The National Institute of Standards and Technology, Gaithersburg, USA","institution_ids":["https://openalex.org/I1321296531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100346828","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0002-5091-8464"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Liu","raw_affiliation_strings":["College of Information Sciences and Technology, The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101769226"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":3.9751,"has_fulltext":true,"cited_by_count":25,"citation_normalized_percentile":{"value":0.94777808,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"6","issue":"1","first_page":"2","last_page":"2"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.8958727121353149},{"id":"https://openalex.org/keywords/transfer-of-learning","display_name":"Transfer of learning","score":0.5018160343170166},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.49523964524269104},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.401762992143631},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.38050174713134766},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22362962365150452}],"concepts":[{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.8958727121353149},{"id":"https://openalex.org/C150899416","wikidata":"https://www.wikidata.org/wiki/Q1820378","display_name":"Transfer of learning","level":2,"score":0.5018160343170166},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.49523964524269104},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.401762992143631},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.38050174713134766},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22362962365150452},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1186/s42400-022-00135-8","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-022-00135-8","pdf_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-022-00135-8","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmid:36620350","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/36620350","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":null},{"id":"pmh:oai:pubmedcentral.nih.gov:9813250","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/9813250","pdf_url":"https://pmc.ncbi.nlm.nih.gov/articles/PMC9813250/pdf/42400_2022_Article_135.pdf","source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecur (Singap)","raw_type":"Text"},{"id":"pmh:oai:doaj.org/article:b5265f15d1ee46f1821df018118b7dd7","is_oa":true,"landing_page_url":"https://doaj.org/article/b5265f15d1ee46f1821df018118b7dd7","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 6, Iss 1, Pp 1-15 (2023)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s42400-022-00135-8","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-022-00135-8","pdf_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-022-00135-8","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1391936209","display_name":"Collaborative Research: SaTC: CORE: Medium: Cyber-threat Detection and Diagnosis in Multistage Manufacturing Systems through Cyber and Physical Data Analytics","funder_award_id":"2019340","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3542500338","display_name":null,"funder_award_id":"60NANB22D144","funder_id":"https://openalex.org/F4320332178","funder_display_name":"National Institute of Standards and Technology"},{"id":"https://openalex.org/G3994444534","display_name":"Towards Provable Security of Real-world Servers: Where Online Learning Meets Server Retrofitting","funder_award_id":"2140175","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4521288315","display_name":null,"funder_award_id":"ECCS-2140175","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8334011003","display_name":null,"funder_award_id":"CNS-2019340","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332178","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416"},{"id":"https://openalex.org/F4320337392","display_name":"Division of Electrical, Communications and Cyber Systems","ror":"https://ror.org/01krpsy48"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4313590644.pdf"},"referenced_works_count":30,"referenced_works":["https://openalex.org/W88849960","https://openalex.org/W233021882","https://openalex.org/W1477563924","https://openalex.org/W1515653707","https://openalex.org/W1963947298","https://openalex.org/W1968002620","https://openalex.org/W1969501726","https://openalex.org/W1996931407","https://openalex.org/W2042856445","https://openalex.org/W2060276266","https://openalex.org/W2066293121","https://openalex.org/W2074943483","https://openalex.org/W2109219878","https://openalex.org/W2121468041","https://openalex.org/W2133592286","https://openalex.org/W2155810272","https://openalex.org/W2162800072","https://openalex.org/W2165698076","https://openalex.org/W2312004824","https://openalex.org/W2597604324","https://openalex.org/W2929803724","https://openalex.org/W2962832406","https://openalex.org/W2979183801","https://openalex.org/W2985691241","https://openalex.org/W3006449199","https://openalex.org/W3011323222","https://openalex.org/W3035037193","https://openalex.org/W3048282123","https://openalex.org/W3092093850","https://openalex.org/W6600120041"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W1535080110","https://openalex.org/W306312984","https://openalex.org/W857189463","https://openalex.org/W2979675132","https://openalex.org/W2790520092","https://openalex.org/W4306309337","https://openalex.org/W20648474","https://openalex.org/W2109516765","https://openalex.org/W4288094128"],"abstract_inverted_index":{"In":[0],"recent":[1],"years,":[2],"deep":[3,53],"learning":[4,20,54,61],"gained":[5],"proliferating":[6],"popularity":[7],"in":[8,43,70,115],"the":[9,36,49,52,66,116,124,139,153],"cybersecurity":[10,71],"application":[11],"domain,":[12],"since":[13],"when":[14],"being":[15],"compared":[16,122],"to":[17,64,123],"traditional":[18],"machine":[19],"methods,":[21],"it":[22],"usually":[23],"involves":[24],"less":[25],"human":[26],"efforts,":[27],"produces":[28],"better":[29,33],"results,":[30],"and":[31,92,133,149],"provides":[32],"generalizability.":[34],"However,":[35],"imbalanced":[37,67],"data":[38,68,113],"issue":[39,69],"is":[40,126,145],"very":[41],"common":[42],"cybersecurity,":[44],"which":[45],"can":[46],"substantially":[47],"deteriorate":[48],"performance":[50,120],"of":[51,142,155],"models.":[55],"This":[56],"paper":[57],"introduces":[58],"a":[59,78,127,151],"transfer":[60],"based":[62],"method":[63],"tackle":[65],"using":[72,103],"return-oriented":[73],"programming":[74],"payload":[75],"detection":[76,95,134],"as":[77,150],"case":[79],"study.":[80],"We":[81],"achieved":[82],"0.0290":[83],"average":[84,89,94],"false":[85,130,143],"positive":[86,131],"rate,":[87],"0.9705":[88],"F1":[90],"score":[91],"0.9521":[93],"rate":[96,132],"on":[97],"3":[98],"different":[99,105],"target":[100,117],"domain":[101,107],"programs":[102],"2":[104],"source":[106],"programs,":[108],"with":[109],"0":[110],"benign":[111],"training":[112],"sample":[114],"domain.":[118],"The":[119],"improvement":[121],"baseline":[125],"trade-off":[128],"between":[129],"rate.":[135],"Using":[136],"our":[137],"approach,":[138],"total":[140],"number":[141,154],"positives":[144],"reduced":[146],"by":[147,160],"23.16%,":[148],"trade-off,":[152],"detected":[156],"malicious":[157],"samples":[158],"decreases":[159],"0.68%.":[161]},"counts_by_year":[{"year":2025,"cited_by_count":15},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}