Enhancing IoT Security: A Comparative Analysis of Machine Learning and Deep Learning Techniques for Botnet Detection

Authors

  • Omar Almousa Jordan University of Science and Technology, Jordan https://orcid.org/0000-0003-3600-2764
  • Batool Hamdallh Jordan University of Science and Technology, Jordan
  • Ruba Al-nu’man Jordan University of Science and Technology, Jordan
Volume: 15 | Issue: 4 | Pages: 24498-24505 | August 2025 | https://doi.org/10.48084/etasr.11092

Received: 22 March 2025 | Revised: 3 May 2025 | Accepted: 10 May 2025 | Online: 2 August 2025


Corresponding author: Omar Almousa

Abstract

The Internet of Things (IoT) has revolutionized technological interactions but still faces significant security challenges from threats such as botnets. Therefore, effective detection methods are crucial. This study evaluates several Machine Learning (ML) and Deep Learning (DL) models for detecting IoT cyber threats, focusing on Mirai botnet attacks and ARP spoofing on the CIC IoT Dataset 2023. ML models, namely Stochastic Gradient Descent (SGD), Support Vector Machine (SVM), Decision Tree (DT), Logistic Regression (LR), and K-Nearest Neighbors (KNN), and DL techniques, namely Feedforward Neural Network (FNN) and Convolutional Neural Network (CNN), were evaluated. The results show that data augmentation (oversampling) significantly increased performance across all models. DT and KNN achieved the highest metrics (precision, recall, F1-score, and accuracy of 0.98), demonstrating superior classification capabilities. DL models had similar results, with CNN improving from 0.96 to 0.98 after oversampling, showing its adaptability to enhanced data diversity. Conversely, SGD demonstrated high sensitivity to class imbalance, emphasizing the need for balanced datasets in IoT security applications.

Keywords:

Internet of Things (IoT), Mirai, ARP spoofing, ML, DL

Downloads

Download data is not yet available.

References

M. M. Alani, A. I. Awad, and E. Barka, "ARP-PROBE: An ARP spoofing detector for Internet of Things networks using explainable deep learning," Internet of Things, vol. 23, Oct. 2023, Art. no. 100861. DOI: https://doi.org/10.1016/j.iot.2023.100861

A. H. A. Saq, A. Zainal, B. A. S. Al-Rimy, A. Alyami, and H. A. Abosaq, "Intrusion Detection in IoT using Gaussian Fuzzy Mutual Information-based Feature Selection," Engineering, Technology & Applied Science Research, vol. 14, no. 6, pp. 17564–17571, Dec. 2024. DOI: https://doi.org/10.48084/etasr.8268

V. Vajrobol, B. B. Gupta, A. Gaurav, and H. M. Chuang, "Adversarial learning for Mirai botnet detection based on long short-term memory and XGBoost," International Journal of Cognitive Computing in Engineering, vol. 5, pp. 153–160, Jan. 2024. DOI: https://doi.org/10.1016/j.ijcce.2024.02.004

M. Antonakakis et al., "Understanding the Mirai Botnet," presented at the 26th USENIX Security Symposium (USENIX Security 17), 2017, pp. 1093–1110.

M. Sharma and S. Ravichandra, "Design and implementation of a mechanism to identify and defend against ARP spoofing," in 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT), Delhi, India, Jul. 2023, pp. 1–6. DOI: https://doi.org/10.1109/ICCCNT56998.2023.10308362

R. H. Hwang, M. C. Peng, and C. W. Huang, "Detecting IoT Malicious Traffic Based on Autoencoder and Convolutional Neural Network," in 2019 IEEE Globecom Workshops (GC Wkshps), Waikoloa, HI, USA, Dec. 2019, pp. 1–6. DOI: https://doi.org/10.1109/GCWkshps45667.2019.9024425

C. D. McDermott, F. Majdani, and A. V. Petrovski, "Botnet Detection in the Internet of Things using Deep Learning Approaches," in 2018 International Joint Conference on Neural Networks (IJCNN), Rio de Janeiro, Brazil, Jul. 2018, pp. 1–8. DOI: https://doi.org/10.1109/IJCNN.2018.8489489

Y. O. Kolcu, A. H. Yurttakal, and B. Baydan, "Internet of Things Botnet Detection via Ensemble Deep Neural Networks," International Journal of 3D Printing Technologies and Digital Industry, vol. 7, no. 2, pp. 191–197, Aug. 2023. DOI: https://doi.org/10.46519/ij3dptdi.1293277

R. G. Azhari, V. Suryani, R. R. Pahlevi, and A. A. Wardana, "The Detection of Mirai Botnet Attack on the Internet of Things (IoT) Device Using Support Vector Machine (SVM) Model," in 2022 10th International Conference on Information and Communication Technology (ICoICT), Bandung, Indonesia, Aug. 2022, pp. 397–401. DOI: https://doi.org/10.1109/ICoICT55009.2022.9914830

A. Sharma, P. V. Mansotra, and K. Singh, "Detection of Mirai Botnet Attacks on IoT devices Using Deep Learning," Journal of Scientific Research and Technology, pp. 174–187, Sep. 2023.

E. Y. Güven and Z. Gürkaş-Aydin, "Mirai Botnet Attack Detection in Low-Scale Network Traffic," Intelligent Automation & Soft Computing, vol. 37, no. 1, pp. 419–437, 2023. DOI: https://doi.org/10.32604/iasc.2023.038043

M. Usmani, M. Anwar, K. Farooq, G. Ahmed, and S. Siddiqui, "Predicting ARP spoofing with Machine Learning," in 2022 International Conference on Emerging Trends in Smart Technologies (ICETST), Karachi, Pakistan, Sep. 2022, pp. 1–6. DOI: https://doi.org/10.1109/ICETST55735.2022.9922925

H. Puram, R. S. Kumar, and B. R. Chandavarkar, "Deep Learning based framework for dynamic Detection and Mitigation of ARP Spoofing attacks," in 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT), Delhi, India, Jul. 2023, pp. 1–6. DOI: https://doi.org/10.1109/ICCCNT56998.2023.10308031

E. Gelenbe and M. Nakip, "Real-Time Cyberattack Detection with Offline and Online Learning," in 2023 IEEE 29th International Symposium on Local and Metropolitan Area Networks (LANMAN), London, UK, Jul. 2023, pp. 1–6. DOI: https://doi.org/10.1109/LANMAN58293.2023.10189812

A. Kumari, D. Gupta, and M. Uppal, "Enhancing IoT Security in Nuclear Power Plants: Deep Learning Approaches to Detect Mirai Attacks," in 2024 5th IEEE Global Conference for Advancement in Technology (GCAT), Bangalore, India, Oct. 2024, pp. 1–6. DOI: https://doi.org/10.1109/GCAT62922.2024.10924052

E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, and A. A. Ghorbani, "CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment," Sensors, vol. 23, no. 13, Jan. 2023, Art. no. 5941. DOI: https://doi.org/10.3390/s23135941

C. Bunkhumpornpat, K. Sinapiromsaran, and C. Lursinsap, "Safe-Level-SMOTE: Safe-Level-Synthetic Minority Over-Sampling TEchnique for Handling the Class Imbalanced Problem," in Advances in Knowledge Discovery and Data Mining, 2009, pp. 475–482. DOI: https://doi.org/10.1007/978-3-642-01307-2_43

X. Zhou, H. Liu, C. Shi, and J. Liu, Deep Learning on Edge Computing Devices: Design Challenges of Algorithm and Architecture. Elsevier, 2022.

Y. Tian, Y. Zhang, and H. Zhang, "Recent Advances in Stochastic Gradient Descent in Deep Learning," Mathematics, vol. 11, no. 3, Jan. 2023, Art. no. 682. DOI: https://doi.org/10.3390/math11030682

S. Y. Chaganti, I. Nanda, K. R. Pandi, T. G. N. R. S. N. Prudhvith, and N. Kumar, "Image Classification using SVM and CNN," in 2020 International Conference on Computer Science, Engineering and Applications (ICCSEA), Gunupur, India, Mar. 2020, pp. 1–5. DOI: https://doi.org/10.1109/ICCSEA49143.2020.9132851

J. R. Quinlan, "Learning decision tree classifiers," ACM Computing Surveys, vol. 28, no. 1, pp. 71–72, Mar. 1996. DOI: https://doi.org/10.1145/234313.234346

Z. Khandezamin, M. Naderan, and M. J. Rashti, "Intelligent detection of breast cancer with feature selection based on logistic regression and support vector machine Classification," Journal of Soft Computing and Information Technology, vol. 9, no. 2, pp. 115–123, 2020.

Q. Kuang and L. Zhao, "A practical GPU based kNN algorithm," in Proceedings of the 2009 International Symposium on Computer Science and Computational Technology, 2009, pp. 151–155.

L. Alzubaidi et al., "Review of deep learning: concepts, CNN architectures, challenges, applications, future directions," Journal of Big Data, vol. 8, no. 1, Mar. 2021, Art. no. 53. DOI: https://doi.org/10.1186/s40537-021-00444-8

Downloads

How to Cite

[1]
O. Almousa, B. Hamdallh, and R. Al-nu’man, “Enhancing IoT Security: A Comparative Analysis of Machine Learning and Deep Learning Techniques for Botnet Detection”, Eng. Technol. Appl. Sci. Res., vol. 15, no. 4, pp. 24498–24505, Aug. 2025.

Metrics

Abstract Views: 133
PDF Downloads: 200

Metrics Information

License

Copyright (c) 2025 Omar Almousa, Batool Hamdallh, Ruba Al-nu’man

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish with this journal agree to the following terms:

- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.