IoT-AMLHP: Aligned Multimodal Learning of Header-Payload Representations for Resource-Efficient Malicious IoT Traffic Classification

Fengyuan Nie, Guangjie Liu, Weiwei Liu, Jianan Huang, Bo Gao

TL;DR

IoT-AMLHP tackles the challenge of secure, real-time malicious IoT traffic classification under tight resource constraints by shifting from flow-level or raw-bytes approaches to a packet-level, aligned header-payload representation. It constructs an aligned, fixed-length header $h_i$ of 128 bytes and payload $d_i$ of length $P$ for each packet, mitigating feature misalignment and preserving semantic distinctions between headers and payloads. A lightweight neural network with depthwise separable convolutions extracts modality-specific features and a multi-head self-attention fusion module integrates them, achieving high accuracy with substantially reduced FLOPs ($\approx 7.01$M), parameter count ($\approx 0.02$M), and model size ($\approx 0.32$ MB). Evaluations on three public IoT datasets show near-state-of-the-art performance and favorable deployability, including favorable inference times under parallel processing; ablation confirms the importance of header information, payload semantics, and multimodal fusion. These results suggest IoT-AMLHP can enable real-time, edge-friendly malicious traffic detection in diverse IoT environments, with potential for further gains via model compression techniques such as quantization and pruning.

Abstract

Traffic classification is crucial for securing Internet of Things (IoT) networks. Deep learning-based methods can autonomously extract latent patterns from massive network traffic, demonstrating significant potential for IoT traffic classification tasks. However, the limited computational and spatial resources of IoT devices pose challenges for deploying more complex deep learning models. Existing methods rely heavily on either flow-level features or raw packet byte features. Flow-level features often require inspecting entire or most of the traffic flow, leading to excessive resource consumption, while raw packet byte features fail to distinguish between headers and payloads, overlooking semantic differences and introducing noise from feature misalignment. Therefore, this paper proposes IoT-AMLHP, an aligned multimodal learning framework for resource-efficient malicious IoT traffic classification. Firstly, the framework constructs a packet-wise header-payload representation by parsing packet headers and payload bytes, resulting in an aligned and standardized multimodal traffic representation that enhances the characterization of heterogeneous IoT traffic. Subsequently, the traffic representation is fed into a resource-efficient neural network comprising a multimodal feature extraction module and a multimodal fusion module. The extraction module employs efficient depthwise separable convolutions to capture multi-scale features from different modalities while maintaining a lightweight architecture. The fusion module adaptively captures complementary features from different modalities and effectively fuses multimodal features.
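The packet-wise header-payload representation described above, sketched as an added example (not the paper's code): each protocol layer's header is copied into a fixed slot of the 128-byte header vector and the payload is truncated or zero-padded to $P$ bytes. The slot layout, the function names and the sample frames are assumptions made for illustration; the page does not give the paper's exact field layout.

```python
import struct

HEADER_LEN = 128  # fixed header length stated on the page
# Assumed slot layout (offset, size) per layer; the page does not give the paper's layout.
SLOTS = {"eth": (0, 14), "ip": (14, 54), "l4": (68, 60)}

def split_packet(frame: bytes):
    """Parse untagged Ethernet/IPv4/TCP|UDP into ({layer: header bytes}, payload)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("expected untagged Ethernet carrying IPv4")
    ihl = (frame[14] & 0x0F) * 4
    end = min(len(frame), 14 + struct.unpack("!H", frame[16:18])[0])  # drop link padding
    l4 = 14 + ihl
    if ihl < 20 or end < l4:
        raise ValueError("malformed IPv4 header")
    proto = frame[23]
    if proto == 6 and end - l4 >= 20:      # TCP: data offset gives the header length
        l4_len = max(20, (frame[l4 + 12] >> 4) * 4)
    elif proto == 17 and end - l4 >= 8:    # UDP: fixed 8-byte header
        l4_len = 8
    else:                                  # other or truncated transport: no L4 slot data
        l4_len = 0
    l4_len = min(l4_len, end - l4)
    headers = {"eth": frame[:14], "ip": frame[14:l4], "l4": frame[l4:l4 + l4_len]}
    return headers, frame[l4 + l4_len:end]

def represent(frame: bytes, P: int):
    """Return (h_i, d_i): 128-byte slot-aligned header, payload padded/truncated to P."""
    headers, payload = split_packet(frame)
    h = bytearray(HEADER_LEN)
    for layer, (off, size) in SLOTS.items():
        chunk = headers[layer][:size]      # an oversized header is truncated to its slot
        h[off:off + len(chunk)] = chunk
    return bytes(h), payload[:P].ljust(P, b"\x00")

def build_frame(proto: int, l4_header: bytes, payload: bytes, ip_options: bytes = b""):
    """Constructed sample frame (zero checksums, documentation-range IP addresses)."""
    ihl = 20 + len(ip_options)
    total = ihl + len(l4_header) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, total, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + ip_options
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4_header + payload

# Constructed sample transport headers (TCP to port 1883, UDP to port 5683).
TCP_HDR = struct.pack("!HHIIBBHHH", 49152, 1883, 1, 0, 5 << 4, 0x18, 1024, 0, 0)
UDP_HDR = struct.pack("!HHHH", 49153, 5683, 8 + 4, 0)
```

With a raw-byte prefix, a 4-byte IPv4 option shifts every TCP field by four positions; in the slot layout the TCP header starts at offset 68 regardless, which is the misalignment the abstract refers to.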

Paper Structure

This paper contains 22 sections, 11 equations, 10 figures, 6 tables.

Figures (10)

  • Figure 1: The illustration of the deployment framework of the proposed IoT-AMLHP.
  • Figure 2: Overview of the proposed IoT-AMLHP.
  • Figure 3: Illustration of the packet-wise header-payload representation.
  • Figure 4: The structure of the header feature extractor.
  • Figure 5: The hyperparameter tuning of IoT-AMLHP under different optimizers. (a) Comparison of evaluation metrics. (b) Loss convergence over train epochs.
  • ...and 5 more figures