IoT botnet-traffic classification using few-shot learning

The Internet of Things (IoT) is experiencing a constant expansion, embedding connectivity into everyday objects for increased efficiency. Despite this, security vulnerabilities pose a growing concern because IoT devices often lack robust security measures, leaving room for IoT botnet malware action and underlining the critical need for increased IoT security. During the last years, Machine Learning (ML) and Deep Learning (DL) have offered effective tools against IoT attacks, but these solutions struggle with identifying novel threats. In fact, the dynamic nature of IoT ecosystems requires data-driven systems capable of responding promptly to emerging threats, characterized by the limited availability of samples for training.In this context, we exploit Few-Shot Learning (FSL) to effectively identify emerging network attacks within the traffic generated by IoT devices by performing botnet-traffic classification. In detail, FSL enables ML and DL models to recognize and adapt to novel classes of attack traffic with minimal available samples, tackling class imbalance issues between high-frequency and lowfrequency attacks (which generate high and low network traffic, respectively). This strategic integration of FSL is crucial in enhancing overall IoT security, providing a proactive approach to handle dynamic and imbalanced scenarios, and ensuring the resilience of interconnected systems. The experimental evaluation is conducted on the publicly available IoT-23 dataset. The results highlight that the best FSL approach obtains the highest performance figures with just 3 shots, scoring 92% F1-score when discriminating low-frequency botnet malware. Noteworthy, satisfactory performance (up to 93% F1-score) is achieved also in misuse detection, proving the capability to distinguish between legitimate and malicious traffic.