IoT Malware Network Traffic Classification using Visual Representation and Deep Learning

TL;DR

This paper presents a deep learning-based method using visual representations for real-time IoT malware traffic classification, achieving high accuracy and rapid detection at the packet level.

Contribution

It introduces a novel approach combining visual representation and deep learning for IoT malware detection, enabling faster and more accurate classification of zero-day threats.

Findings

94.50% detection accuracy with ResNet50

Constructed dataset of 1000 pcap files from diverse sources

Packet-level analysis reduces detection time

Abstract

With the increase of IoT devices and technologies coming into service, Malware has risen as a challenging threat with increased infection rates and levels of sophistication. Without strong security mechanisms, a huge amount of sensitive data is exposed to vulnerabilities, and therefore, easily abused by cybercriminals to perform several illegal activities. Thus, advanced network security mechanisms that are able of performing a real-time traffic analysis and mitigation of malicious traffic are required. To address this challenge, we are proposing a novel IoT malware traffic analysis approach using deep learning and visual representation for faster detection and classification of new malware (zero-day malware). The detection of malicious network traffic in the proposed approach works at the package level, significantly reducing the time of detection with promising results due to the deep learning technologies used. To evaluate our proposed method performance, a dataset is constructed which consists of 1000 pcap files of normal and malware traffic that are collected from different network traffic sources. The experimental results of Residual Neural Network (ResNet50) are very promising, providing a 94.50% accuracy rate for detection of malware traffic.