Abstract
Malicious traffic detection in IoT environments faces dual challenges: limited labeled data and heterogeneous, complex traffic patterns. To address these limitations, we propose a malicious traffic detection framework, GADF-SRGA, which integrates Gram-angle-difference-field (GADF) imaging with meta-learning. The framework first encodes raw IoT traffic into images via GADF, preserving the spatiotemporal characteristics of malicious traffic. It then employs meta-learning on these encoded images to enable feature-space learning under scarce data. In the inner loop, Sample-Relation Guided Attention (SRGA) leverages class-label-guided supervision graphs to learn sample similarity, improving intra-class compactness and inter-class separability in the feature space. Comprehensive evaluations on public IoT intrusion datasets Malicious_TLS and ToN_IoT demonstrate the framework’s superiority and robustness, particularly under class-imbalanced conditions, over baseline methods.