SecMa: A Novel Multimodal Autoencoder Framework for Encrypted IoT Traffic Analysis and Attack Detection
Received: 24 January 2025 | Revised: 15 February 2025 and 10 March 2025 | Accepted: 13 March 2025 | Online: 4 June 2025
Corresponding author: V. Ravi
Abstract
The exponential growth of encrypted Internet of Things (IoT) traffic has introduced significant cybersecurity challenges, including the complexity of analyzing encrypted payload data, managing heterogeneous device behavior, and addressing resource constraints. Traditional methods achieve low detection rates (45-60%) and struggle to balance accuracy, efficiency, and privacy. This paper proposes SecMa, a novel multimodal autoencoder framework designed to address these limitations in encrypted IoT traffic analysis and attack detection. SecMa processes three complementary feature modalities—network flow characteristics, device behavior patterns, and contextual information—using specialized neural network branches to generate compact and meaningful latent representations. The proposed framework demonstrates superior performance across diverse IoT environments with over 150 device types, achieving 97.2% attack detection accuracy with an average processing time of 1.2 ms per flow and a memory footprint of 2.4 GB. Comparative evaluations on benchmark datasets (NTLFlowLyzer, UNSW-NB15, IoT-23, and Bot-IoT) reveal a 3-8% improvement in detection accuracy across multiple security metrics. SecMa's robustness is further evidenced by its 96.5% precision in detecting data exfiltration attacks and 97.5% attack coverage. Statistical validation using paired t-tests (p < 0.01) and cross-validation underscores its reliability. By achieving an optimal balance between detection accuracy, computational efficiency, and privacy preservation, SecMa offers a transformative solution for secure IoT environments, particularly in resource-constrained settings.
Keywords:
IoT security, encrypted traffic analysis, deep learning, multimodal autoencoder, network securityDownloads
References
B. Anderson and D. McGrew, "Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity," in Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York, NY, USA, 2017, pp. 1723–1732.
W. Wang, M. Zhu, J. Wang, X. Zeng, and Z. Yang, "End-to-end encrypted traffic classification with one-dimensional convolution neural networks," in 2017 IEEE International Conference on Intelligence and Security Informatics, Beijing, China, 2017, pp. 43–48.
C. Liu, L. He, G. Xiong, Z. Cao, and Z. Li, "FS-Net: A Flow Sequence Network For Encrypted Traffic Classification," in IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, Paris, France, 2019, pp. 1171–1179.
J. Zhang, X. Chen, Y. Xiang, W. Zhou, and J. Wu, "Robust Network Traffic Classification," IEEE/ACM Transactions on Networking, vol. 23, no. 4, pp. 1257–1270, Aug. 2015.
S. Rezaei and X. Liu, "Deep Learning for Encrypted Traffic Classification: An Overview," IEEE Communications Magazine, vol. 57, no. 5, pp. 76–81, May 2019.
Z. Chen, K. He, J. Li, and Y. Geng, "Seq2Img: A sequence-to-image based approach towards IP traffic classification using convolutional neural networks," in 2017 IEEE International Conference on Big Data, Boston, MA, USA, 2017, pp. 1271–1276.
P. Wang, X. Chen, F. Ye, and Z. Sun, "A Survey of Techniques for Mobile Service Encrypted Traffic Classification Using Deep Learning," IEEE Access, vol. 7, pp. 54024–54033, 2019.
L. Fridman, J. Terwilliger, and B. Jenik, "DeepTraffic: Crowdsourced Hyperparameter Tuning of Deep Reinforcement Learning Systems for Multi-Agent Dense Traffic Navigation." arXiv, Jan. 03, 2019.
P. T. Duy, N. H. Khoa, D. T. T. Hien, H. D. Hoang, and V.-H. Pham, "Investigating on the robustness of flow-based intrusion detection system against adversarial samples using Generative Adversarial Networks," Journal of Information Security and Applications, vol. 74, May 2023, Art. no. 103472.
Q. Xin, Z. Xu, L. Guo, F. Zhao, and B. Wu, "IoT traffic classification and anomaly detection method based on deep autoencoders," Applied and Computational Engineering, vol. 69, pp. 64–70, Jul. 2024.
X. Zhang, A. Mavromatis, A. Vafeas, R. Nejabati, and D. Simeonidou, "Federated Feature Selection for Horizontal Federated Learning in IoT Networks," IEEE Internet of Things Journal, vol. 10, no. 11, pp. 10095–10112, Jun. 2023.
P. M. Dhulavvagol and S. G. Totad, "Performance Enhancement of Distributed Processing Systems Using Novel Hybrid Shard Selection Algorithm," Engineering, Technology & Applied Science Research, vol. 14, no. 2, pp. 13720–13725, Apr. 2024.
M. S. Gilbert, M. L. R. de Campos, and M. E. M. Campista, "Asymmetric Autoencoders: An NN alternative for resource-constrained devices in IoT networks," Ad Hoc Networks, vol. 156, Apr. 2024, Art. no. 103412.
T. Sasi, A. H. Lashkari, R. Lu, P. Xiong, and S. Iqbal, "An efficient self attention-based 1D-CNN-LSTM network for IoT attack detection and identification using network traffic," Journal of Information and Intelligence, Sep. 2024.
S. Becker, K. Styp-Rekowski, O. V. L. Stoll, and O. Kao, "Federated Learning for Autoencoder-based Condition Monitoring in the Industrial Internet of Things," in 2022 IEEE International Conference on Big Data, Osaka, Japan, 2022, pp. 5424–5433.
R. M. Badiger, R. Yakkundimath, G. Konnurmath, and P. M. Dhulavvagol, "Deep Learning Approaches for Age-based Gesture Classification in South Indian Sign Language," Engineering, Technology & Applied Science Research, vol. 14, no. 2, pp. 13255–13260, Apr. 2024.
K. Saini and S. Sharma, "Edge Cloud Assisted Quantum LSTM-based Framework for Road Traffic Monitoring," International Journal of Intelligent Transportation Systems Research, vol. 22, no. 3, pp. 707–719, Dec. 2024.
T. A. Syed, M. A. Muhammad, A. A. AlShahrani, M. Hammad, and M. T. Naqash, "Smart Water Management with Digital Twins and Multimodal Transformers: A Predictive Approach to Usage and Leakage Detection," Water, vol. 16, no. 23, Dec. 2024, Art. no. 3410.
B. Lathamani, N. C. Kundur, C. J. Swamy, P. K. Hanumanthaiah, P. M. Dhulavvagol, and B. C. Anil, "Enhancing the Scalability of Blockchain Networks using a Data Partitioning Technique," Engineering, Technology & Applied Science Research, vol. 14, no. 6, pp. 17711–17716, Dec. 2024.
Y. Lu, T. Yang, C. Zhao, W. Chen, and R. Zeng, "A swarm anomaly detection model for IoT UAVs based on a multi-modal denoising autoencoder and federated learning," Computers & Industrial Engineering, vol. 196, Oct. 2024, Art. no. 110454.
S. Garcia, A. Parmisano, and M. J. Erquiaga, "IoT-23: A labeled dataset with malicious and benign IoT network traffic." Zenodo, Jan. 20, 2020.
M. Shafi, A. H. Lashkari, and A. H. Roudsari, "NTLFlowLyzer: Towards generating an intrusion detection dataset and intruders behavior profiling through network and transport layers traffic analysis and pattern extraction," Computers & Security, vol. 148, Jan. 2025, Art. no. 104160.
A. Vaswani et al., "Attention is all you need," in Proceedings of the 31st International Conference on Neural Information Processing Systems, Long Beach, CA, USA, 2017, pp. 6000–6010.
J. M. Peterson, J. L. Leevy, and T. M. Khoshgoftaar, "A Review and Analysis of the Bot-IoT Dataset," in 2021 IEEE International Conference on Service-Oriented System Engineering, Oxford, United Kingdom, 2021, pp. 20–27.
ahlashkari/NTLFlowLyzer. (2025). Python. Accessed: Apr. 07, 2025. [Online]. Available: https://github.com/ahlashkari/NTLFlowLyzer.
N. Moustafa and J. Slay, "UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)," in 2015 Military Communications and Information Systems Conference, Canberra, Australia, 2015, pp. 1–6.
S. Bhatia, A. Jain, P. Li, R. Kumar, and B. Hooi, "MStream: Fast Anomaly Detection in Multi-Aspect Streams," in Proceedings of the Web Conference 2021, Ljubljana, Slovenia, 2021, pp. 3371–3382.
N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, "Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset," Future Generation Computer Systems, vol. 100, pp. 779–796, Nov. 2019.
A. Manchanda, Aditya-1500/Bot-IoT. (2024). Jupyter Notebook. Accessed: Apr. 07, 2025. [Online]. Available: https://github.com/Aditya-1500/Bot-IoT.
Downloads
How to Cite
License
Copyright (c) 2025 V. Ravi, A. S. Poornima
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
