Detection of QR Code-based Cyberattacks using a Lightweight Deep Learning Model
Received: 8 May 2024 | Revised: 10 May 2024 | Accepted: 21 May 2024 | Online: 2 August 2024
Corresponding author: Mousa Sarkhi
Abstract
Traditional intrusion detection systems rely on known patterns and irregularities. This study proposes an approach to reinforce security measures on QR codes used for marketing and identification. The former investigates the use of a lightweight Deep Learning (DL) model to detect cyberattacks embedded in QR codes. A model that classifies QR codes into three categories: normal, phishing, and malware, is proposed. The model achieves high precision and F1 scores for normal and phishing codes (Class 0 and 1), indicating accurate identification. However, the model's recall for malware (Class 2) is lower, suggesting potential missed detections in this category. This stresses the need for further exploration of techniques to improve the detection of malware QR codes. Despite the particular limitation, the overall accuracy of the model remains impressive at 99%, demonstrating its effectiveness in distinguishing normal and phishing codes from potentially malicious ones.
Keywords:
QR code, Machine Learning (ML), cybersecurity, Deep Learning (DL), lightweight deep learningDownloads
References
N. A. Abd Rahman, A. Bahaj, H. A. Abdul Halim Sithiq, I. Farhana Kamsin, and N. K. Zainal, "Secure Parking and Reservation System Integrated with Car Plate Recognition and QR Code," in 2022 IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE), Apr. 2022, pp. 1–7.
F. Abdullayeva, "Cyber resilience and cyber security issues of intelligent cloud computing systems," Results in Control and Optimization, vol. 12, Sep. 2023, Art. no. 100268.
Y. Alaca and Y. Çelik, "Cyber attack detection with QR code images using lightweight deep learning models," Computers & Security, vol. 126, Mar. 2023, Art. no. 103065.
M. Alanazi, A. Mahmood, and M. J. M. Chowdhury, "SCADA vulnerabilities and attacks: A review of the state‐of‐the‐art and open issues," Computers & Security, vol. 125, Feb. 2023, Art. no. 103028.
B. Al-Fuhaidi, W. Al-Sorori, N. Maqtary, A. Al-Hashedi, and S. Al-Taweel, "Literature Review on Cyber Attacks Detection and Prevention Schemes," in 2021 International Conference on Intelligent Technology, System and Service for Internet of Everything (ITSS-IoE), Sana’a, Yemen, Nov. 2021, pp. 1–6.
G. A. Amoah and J.B. Hayfron-Acquah, "QR Code Security: Mitigating the Issue of Quishing (QR Code Phishing)," International Journal of Computer Applications, vol. 184, no. 33, pp. 34–39, Oct. 2022.
D. Benalcazar, J. E. Tapia, S. Gonzalez, and C. Busch, "Synthetic ID Card Image Generation for Improving Presentation Attack Detection," IEEE Transactions on Information Forensics and Security, vol. 18, pp. 1814–1824, 2023.
J. Brandman, L. Sturm, J. White, and C. Williams, "A physical hash for preventing and detecting cyber-physical attacks in additive manufacturing systems," Journal of Manufacturing Systems, vol. 56, pp. 202–212, Jul. 2020.
K. Cargrill, T. Abegaz, L. C. Parra, and R. DaSouza, "Scan Me: QR Codes as Emerging Malware Delivery Mechanism," in Proceedings of the Future Technologies Conference (FTC) 2023, Volume 2, 2023, pp. 611–617.
R. Chen et al., "Rapid Detection of Multi-QR Codes Based on Multistage Stepwise Discrimination and a Compressed MobileNet," IEEE Internet of Things Journal, vol. 10, no. 18, pp. 15966–15979, Apr. 2023.
R. Chen, Z. Zheng, Y. Yu, H. Zhao, J. Ren, and H.-Z. Tan, "Fast Restoration for Out-of-Focus Blurred Images of QR Code With Edge Prior Information via Image Sensing," IEEE Sensors Journal, vol. 21, no. 16, pp. 18222–18236, Dec. 2021.
Y. W. Chow et al., "Utilizing QR codes to verify the visual fidelity of image datasets for machine learning," Journal of Network and Computer Applications, vol. 173, Jan. 2021, Art. no. 102834.
Z. Guo, H. Zheng, C. You, T. Wang, and C. Liu, "DMF-Net: Dual-Branch Multi-Scale Feature Fusion Network for copy forgery identification of anti-counterfeiting QR code." arXiv, Jan. 19, 2022.
A. Kharraz, E. Kirda, W. Robertson, D. Balzarotti, and A. Francillon, "Optical Delusions: A Study of Malicious QR Codes in the Wild," in 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Jun. 2014, pp. 192–203.
N. Kumar, S. Jain, M. Shukla, and S. Lodha, "Investigating Users’ Perception, Security Awareness and Cyber-Hygiene Behaviour Concerning QR Code as an Attack Vector," in HCI International 2022 Posters, 2022, pp. 506–513.
V. Kumar and D. Sinha, "A robust intelligent zero-day cyber-attack detection technique," Complex & Intelligent Systems, vol. 7, no. 5, pp. 2211–2234, Oct. 2021.
D. O. Do Rosario Lourenco, M. V. H. Sai Sriraj, K. K. Thambi, and V. Ranjan, "Malicious URLs and QR Code Classification Using Machine Learning and Deep Learning Techniques," in 2023 3rd Asian Conference on Innovation in Technology (ASIANCON), Aug. 2023, pp. 1–10.
P. Mathivanan and A. B. Ganesh, "QR code based color image stego-crypto technique using dynamic bit replacement and logistic map," Optik, vol. 225, Jan. 2021, Art. no. 165838.
S. A. Nawaz, J. Li, U. A. Bhatti, M. U. Shoukat, and R. M. Ahmad, "Deep Learning Applications in Digital Image Security: Latest Methods and Techniques," in Deep Learning for Multimedia Processing Applications, CRC Press, 2024.
A. Pawar, C. Fatnani, R. Sonavane, R. Waghmare, and S. Saoji, "Secure QR Code Scanner to Detect Malicious URL using Machine Learning," in 2022 2nd Asian Conference on Innovation in Technology (ASIANCON), Ravet, India, Dec. 2022, pp. 1–8.
D. Rathee and S. Mann, "Detection of E-Mail Phishing Attacks – using Machine Learning and Deep Learning," International Journal of Computer Applications, vol. 183, no. 47, Jan. 2022.
L. Ren and D. Zhang, "A QR code-based user-friendly visual cryptography scheme," Scientific Reports, vol. 12, no. 1, May 2022, Art. no. 7667.
C. Shaik, "Preventing Counterfeit Products Using Cryptography, QR Code and Webservice," Computer Science & Engineering: An International Journal (CSEIJ), vol. 11, no. 1, Feb. 2021.
H. Sultana, A. H. M. Kamal, G. Hossain, and M. A. Kabir, "A Novel Hybrid Edge Detection and LBP Code-Based Robust Image Steganography Method," Future Internet, vol. 15, no. 3, Mar. 2023, Art. no. 108.
M. J. Tsai and S. L. Peng, "QR code beautification by instance segmentation (IS-QR)," Digital Signal Processing, vol. 133, Mar. 2023, Art. no. 103887.
A. Darem, "Anti-Phishing Awareness Delivery Methods," Engineering, Technology & Applied Science Research, vol. 11, no. 6, pp. 7944–7949, Dec. 2021.
A. V. Turukmane and R. Devendiran, "M-MultiSVM: An efficient feature selection assisted network intrusion detection system using machine learning," Computers & Security, vol. 137, Feb. 2024, Art. no. 103587.
G. Varshney, R. Kumawat, V. Varadharajan, U. Tupakula, and C. Gupta, "Anti-phishing: A comprehensive perspective," Expert Systems with Applications, vol. 238, Mar. 2024, Art. no. 122199.
H. A. M. Wahsheh and F. L. Luccio, "Security and Privacy of QR Code Applications: A Comprehensive Study, General Guidelines and Solutions," Information, vol. 11, no. 4, Apr. 2020, Art. no. 217.
A. Al-Marghilani, "Comprehensive Analysis of IoT Malware Evasion Techniques," Engineering, Technology & Applied Science Research, vol. 11, no. 4, pp. 7495–7500, Aug. 2021.
H. A. M. Wahsheh and M. S. Al-Zahrani, "Secure Real-Time Computational Intelligence System Against Malicious QR Code Links," International Journal of Computers Communications & Control, vol. 16, no. 3, May 2021.
H. S. Wdhayeh, R. A. Azeez, and A. J. Mohammed, "A Proposed Algorithm for Hiding a Text in an Image Using QR Code," Iraqi Journal of Computers, Communications, Control, and Systems Engineering, vol. 23, no. 1, pp. 1–9, Mar. 2023.
B. Zhang, D. Wu, Z. Lan, Z. Cui, and L. Xie, "Malicious code detection based on many-objective transfer model," Concurrency and Computation: Practice and Experience, vol. 35, no. 22, 2023, Art. no. e7728.
D. Zhang, M. Shafiq, G. Srivastava, T. R. Gadekallu, L. Wang, and Z. Gu, "STBCIoT: Securing the Transmission of Biometric Images in Customer IoT," IEEE Internet of Things Journal, vol. 11, no. 9, pp. 16279–16288, Feb. 2024.
M. Anwer, S. M. Khan, M. U. Farooq, and Waseemullah, "Attack Detection in IoT using Machine Learning," Engineering, Technology & Applied Science Research, vol. 11, no. 3, pp. 7273–7278, Jun. 2021.
Downloads
How to Cite
License
Copyright (c) 2024 Mousa Sarkhi, Shailendra Mishra
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
