Browsing by Author "Abeywardena, K"

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • Thumbnail Image
    PublicationOpen Access
    A Deep Learning-Based Dual-Model Framework for Real-Time Malware and Network Anomaly Detection with MITRE ATT&CK Integration
    (Science and Information Organization, 2025) Migara H.M.S; Sandakelum M.D.B; Maduranga D.B.W.N; Kumara D.D.K.C; Fernando, H; Abeywardena, K
    The contemporary world of high connectivity in the digital realm has presented cybersecurity with more advanced threats, such as advanced malware and network attacks, which in most cases will not be detected using traditional detection tools. Static cybersecurity tools, which are traditional, often fail to deal with dynamic and hitherto unseen attacks, including signature-based antivirus systems and rule-based intrusion detection. To ad-dress this issue, we would suggest a two-part, AI-powered solution to cybersecurity which would allow real-time threat detection on an endpoint and a network level. The first element uses a Feedfor-ward Neural Network (FNN) to categorize Windows Portable Ex-ecutable (PE) files, whether they are benign or malicious, by using structured static features. The second component improves net-work anomaly detection with a deep learning model that is aug-mented by Generative Adversarial Networks (GAN) and effec-tively addresses the data imbalance issue and sensitivity to rare cyber-attacks. To enhance its performance further, the system is integrated with the MITRE ATT&CK adversarial tactics and techniques, which correlate real-time detection results with adver-sarial tactics and techniques, thus offering actionable context to incident response teams. Tests based on open-source datasets pro-vided accuracies of 98.0 per cent of malware detection and 96.2 per cent of network anomaly detection. Data augmentation using GAN was very effective in improving the detection of less popular attacks, including SQL injections and internal reconnaissance. Moreover, the system is horizontally scalable and responsive in real-time due to Docker-based deployment. The suggested frame-work is an effective, explainable and scalable cybersecurity de-fense system, which is perfectly applicable to Managed Security Service Providers (MSSPs) and Security Operations Centers (SOCs), greatly increasing the precision rate and contextual in-sight of threat detection. © (2025), (Science and Information Organization)