AI-powered cyber-attacks are becoming increasingly sophisticated, posing significant challenges to traditional cybersecurity systems. Existing defence mechanisms struggle to detect AI-enhanced attacks due to complex decision boundaries and limited training datasets. This paper proposes a novel approach using data fingerprinting and visualization to improve cyber threat detection. The proposed methodology, termed AI-Enhanced Cyber-Defense System (AIECDS), transforms complex input data into structured visual fingerprints, enabling more efficient classification of benign and malicious activities. The approach is validated using a Finger Vein Dataset, where acquisition and model images are compared to generate representative templates. These visual fingerprints simplify the learning process for machine learning models by reducing data complexity and highlighting key patterns. Experimental results demonstrate that the proposed method enhances detection accuracy and performs effectively even with limited sample sizes. This work highlights the potential of integrating fingerprinting and visualization techniques to strengthen modern cyber defence systems against advanced AI-driven threats.
Introduction
The rapid growth of distributed computing systems, including cloud computing, IoT, and big data platforms, has increased the need for secure data storage and communication. Traditional AI-based cybersecurity systems struggle against evolving cyberattacks due to reliance on limited datasets, vulnerability to adversarial attacks, and poor adaptability. This study proposes an AI-Enhanced Cyber Defence System (AIECDS) that integrates data fingerprinting, visualization, and Deep Reinforcement Learning (DRL) to improve cyber threat detection. The framework converts complex network data into simplified visual fingerprints, enabling machine learning models to identify malicious activities more accurately while reducing computational complexity.
The proposed methodology consists of data acquisition, preprocessing, feature extraction using DAISY descriptors and Local Binary Patterns (LBP), sparse feature matching through the Coherent Point Matching (CPM) algorithm, fingerprint visualization, and classification. The visualization process transforms high-dimensional network traffic into structured visual representations that improve interpretability and learning efficiency. The system classifies activities as benign or malicious by comparing extracted fingerprint patterns with reference data.
Experimental results using the UNSW-NB15 dataset demonstrate that the proposed framework effectively detects both known and unknown cyber threats through byte-level fingerprinting and adaptive learning. The integration of DRL enables continuous learning from network traffic, improving real-time detection and resilience against evolving attack techniques. Overall, AIECDS offers an efficient, scalable, and robust cybersecurity solution by combining visualization, fingerprinting, and AI to enhance detection accuracy, adaptability, and protection against modern cyber threats.
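The fingerprint-and-compare step described above, as an added example that is not code from the paper: it swaps the paper's DAISY/LBP features and CPM matching for a much simpler byte-transition grid and a chi-square distance, so only the overall idea (payload bytes to a small image, then nearest reference template) carries over. The grid layout, the distance measure, the function names and all sample payloads are assumptions constructed for illustration.

```python
import hashlib

def fingerprint(payload: bytes):
    """16x16 grid; cell [a][b] = share of adjacent byte pairs whose high
    nibbles are a then b. Drawn as pixels, the grid is the visual fingerprint."""
    pairs = len(payload) - 1
    if pairs < 1:
        raise ValueError("need at least two bytes")
    grid = [[0.0] * 16 for _ in range(16)]
    for prev, cur in zip(payload, payload[1:]):
        grid[prev >> 4][cur >> 4] += 1 / pairs
    return grid

def chi2(a, b):
    """Chi-square distance between grids: 0 = identical, 2 = no overlap."""
    return sum((p - q) ** 2 / (p + q)
               for ra, rb in zip(a, b) for p, q in zip(ra, rb) if p + q)

def classify(payload, templates):
    """Return (label, distance) for the nearest reference fingerprint."""
    fp = fingerprint(payload)
    return min(((label, chi2(fp, ref)) for label, ref in templates.items()),
               key=lambda item: item[1])

def render(grid):
    """ASCII view of a fingerprint; denser glyph = more frequent transition."""
    shades = " .:*#"
    peak = max(max(row) for row in grid)
    return "\n".join("".join(shades[int(v / peak * 4)] for v in row)
                     for row in grid)

# Constructed sample data, not real traffic: text-protocol requests stand in
# for benign sessions, hash output for an opaque (packed/encrypted) payload.
def http_like(n):
    return b"".join(b"GET /item/%d HTTP/1.1\r\nHost: shop.example\r\n\r\n" % i
                    for i in range(n))

def opaque(seed: bytes, blocks: int = 128):
    return b"".join(hashlib.sha256(seed + bytes([i])).digest()
                    for i in range(blocks))

TEMPLATES = {"benign": fingerprint(http_like(50)),
             "malicious": fingerprint(opaque(b"reference"))}

if __name__ == "__main__":
    print(render(TEMPLATES["benign"]))
    print(classify(b"POST /login HTTP/1.1\r\nHost: mail.example\r\n\r\n", TEMPLATES))
    print(classify(opaque(b"unseen", 32), TEMPLATES))
```

The labels are only as good as the reference templates: opaque bytes are not malicious in themselves (TLS records look the same), so real templates would have to be built from labelled captures such as the UNSW-NB15 sessions the paper uses.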
Conclusion
The main contribution of this paper is the design of a unique fingerprint by extracting meaningful information from network packets and the fingerprinting system, which is achieved by combining advances in cybersecurity research and in visual data mining. The results in this paper demonstrate the visual ability to discriminate multiple malicious attack types from benign traffic and from one another. Therefore, the results in this paper will lead to more research in RL in the field of cybersecurity, which will inspire the development of a self-learning dynamic RL cyber defence. By achieving meaningful extraction of information and enabling the training of self-learning dynamic RL cyber defence systems, the discovery of undetectable malware, "zero-day attacks" and ransomware will be possible, since fingerprints will significantly simplify the decision boundary for malware detection. The protocol discourse's unique properties represent the possibility of further study of the possible classification of the application from which the network session was generated. This is significant since there is no approach in place that can accurately classify traffic per application on the open internet for all applications in operation today.