Malware traffic classification (MTC) is a key technology for anomaly and intrusion detection in the secure Industrial Internet of Things (IIoT). Traditional MTC methods based on port, payload, and statistics depend on manually designed features, which have low accuracy. Recently, deep-learning methods have attracted significant attention due to their high classification accuracy. However, in practical application scenarios, deep-learning methods require a large number of labeled samples for training, while the labeled samples available for training are very rare. Furthermore, preparing a large number of labeled samples incurs high labor costs. To solve these problems, this article proposes three methods based on semisupervised learning (SSL), transfer learning (TL), and domain adaptation (DA), respectively. Our proposed methods use a large amount of unlabeled data collected from Internet traffic, which can greatly improve the classification accuracy with few labeled samples. Then, we use the DA method to solve the mismatch problem between the source domain and the target domain in the TL process. The proposed method is applicable not only to shallow networks but also to deep neural network structures, and can achieve better classification results. Experimental results show that our proposed methods can satisfy the requirements of MTC in the case of few labeled samples in IIoT. The source code for all the experiments is available on GitHub: https://github.com/yzjh/Keras-MTC-DA-Ladder.