Real-Time and Trustworthy Classification of IoT Traffic Using Lightweight Deep Learning

Download PDF
Open Webpage

Arunan Sivanathan, Deepak Mishra, Sushmita Ruj, Natasha Fernandes, Quan Z. Sheng, Minh Tran, Ben Luo, Daniel Coscia, Gustavo Batista, Hassan Habibi Gharakaheili

Published: 2026, Last Modified: 21 Jan 2026IEEE Trans. Netw. Sci. Eng. 2026EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: The rapid growth of Internet-of-Things (IoT) devices in enterprise and industrial networks presents significant challenges for device behavior analysis and security. Existing machine learning models for IoT traffic classification face limitations. Shallow models, relying on manually engineered features, struggle to capture complex, nonlinear patterns and generalize across diverse environments. Deep pre-trained models, such as transformers, demand extensive preprocessing and significant computational resources, making them less practical for real-time inference in resource-constrained environments. This paper proposes a lightweight, real-time deep learning model based on convolutional neural networks (CNNs) that classifies IoT traffic using structured flow sequences, providing an efficient and reliable solution. Our contributions are threefold: (1) We develop a novel structure of flow data sequences that represents IoT network behavior as a fixed-size matrix, capturing flow metadata, packet timing, direction, and raw payloads. This flexible structure ensures adaptability to diverse IoT environments and enables the classification of a wide variety of devices. We publicly release our structured dataset derived from real traffic traces. (2) We propose a convolutional neural network (CNN) architecture that captures both intra-flow and inter-flow patterns, providing an efficient solution for real-time IoT traffic classification. We evaluate three traffic inference strategies across four performance metrics, namely accuracy, coverage, computational cost, and traffic selectivity, demonstrating the method's effectiveness for real-time IoT traffic analysis. (3) We incorporate interpretability techniques, specifically confidence scores and Shapley values, to assess and enhance the trustworthiness of predictions. These insights refine the predictions, yielding a 4% boost in macro-averaged F1-score. They also significantly reduce high-confidence misclassifications to one-fifth when applied to real IoT traffic traces.