DCITD: A Deep Q-Network Approach for Cyber Image Threats Detection

Cybersecurity threats Continuously develop and adapt. Posing serious risks for companies, governments, and individuals worldwide. Traditional methods for detecting these threats, which often rely on fixed rules and established patterns, are ineffective against attackers' dynamic and sophisticated tactics. Detecting cyber threats, especially for malware images, presents a considerable challenge for organizations and individuals. Conventional detection techniques, which often depend on fixed rules, are increasingly ineffective against the sophisticated strategies utilized by today’s attackers. That calls for creating more sophisticated and intelligent cyber defense systems, integrating autonomous agents that can learn and make decisions without relying on human knowledge. This paper employed Reinforcement Learning techniques, which is one of the machine learning fields based on trial and error for learning, to propose the Detection of Cyber Image Threats by the DQN (DCITD) model for malware detection system leveraging Deep Q-Networks (DQN) integrated with image-based reinforcement learning. The model uses a Convolutional Neural Network (CNN) to feature extraction and incorporates multithreading to optimize experience replay during training. The DCITD model, utilizing Deep Q-Network (DQN) architecture, showcases a permanent auto-learning feature within a network setting, allowing for detecting various network threats through an automated trial-and-error process while steadily refining its detection capabilities. The paper is based on thorough experimentation utilizing the Blended malware dataset, and the results reveal that the proposed DCITD model excels in recognizing a wide array of threats and outperforms similar machine-learning techniques. Those techniques produce a fusion of features to build a model that can be used to recognize and classify the malware images into 31 malware families, then evaluate the performance of malware classification by identifying unique malware families and tracking detection accuracy that reached 98%.