EMTD-SSC: An Enhanced Malicious Traffic Detection Model Using Transfer Learning Under Small Sample Conditions in IoT

Bibliographic details
Published in: IEEE internet of things journal 2024-10, Vol.11 (19), p.30725-30741
Main authors: Ge, Yueqin; Gao, Yali; Li, Xiaoyong; Cai, Binsi; Xi, Jinwen; Yu, Shui
Format: Article
Language: eng
Description
Summary: In the Internet of Things (IoT) scenario, the device diversity and data sparsity present a significant challenge for malicious traffic detection, notably the "small sample problem" where insufficient data hampers the performance of the deep learning methods that depend on large volumes of labeled data for training. Transfer learning (TL) has the capability to transfer knowledge from a label-rich but heterogeneous domain to a label-sparse domain, making it a powerful tool for addressing challenges in IoT malicious traffic detection. To address these challenges, we introduce the EMTD-SSC model, a novel enhanced malicious traffic detection model that leverages TL under small sample conditions in IoT environments. Initially, our approach includes a comprehensive labeled data set that merges a small-scale IoT intrusion detection domain with the traditional intrusion detection domain to enrich semantic information transfer from the source to target domains. The EMTD-SSC model employs dual residual convolutional autoencoders for robust feature extraction and transfer, incorporating skip connections to expedite the model convergence and minimize information loss. Furthermore, to optimize transfer efficiency, we minimize the multilayer multi-kernel maximum mean discrepancy (MLMK-MMD) across corresponding network layers, facilitating effective domain adaptation. Through unsupervised training and subsequent fine-tuning on the target domain data, the model significantly enhances anomaly detection capabilities. Extensive experiments on the two well-known public data sets demonstrate the EMTD-SSC model's effectiveness, achieving an impressive 94.8% accuracy in the binary classification tasks.
ISSN:2327-4662
DOI:10.1109/JIOT.2024.3413580