Hybrid Machine Learning Model For Efficient Botnet Attack Detection In IoT Environment

Abstract

The rapid proliferation of Internet of Things (IoT) devices has significantly increased the vulnerability of networks to cyber threats, particularly botnet-based attacks. These attacks exploit insecure devices to perform large-scale malicious activities such as Distributed Denial of Service (DDoS), data exfiltration, and service disruption. Detecting such attacks has become increasingly complex due to evolving malware techniques and heterogeneous IoT traffic patterns.

This study presents a hybrid deep learning-based framework for detecting botnet activity using the UNSW-NB15 dataset, addressing both binary and multiclass classification tasks. Multiple deep learning models, including Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM), Recurrent Neural Networks (RNN), and Artificial Neural Networks (ANN), were implemented and evaluated. Feature selection was performed using Mutual Information to enhance computational efficiency and model performance.

Furthermore, ensemble and hybrid architectures such as CNN+LSTM, CNN+BiLSTM+BiGRU, and CNN+LSTM+GRU were explored. Experimental results demonstrate that hybrid models outperform standalone architectures, achieving detection accuracies exceeding 97%. The findings confirm that integrating spatial and temporal learning techniques significantly improves the robustness and reliability of botnet detection systems in IoT environments.

DOI: https://doi-ds.org/doilink/04.2026-31962895