Intelligent detection framework for IoT-botnet detection: DBN-RNN with improved feature set

The pervasive adoption of IoT devices has significantly enhanced connectivity but also introduced vulnerabilities, particularly through IoT botnets, which exploit compromised devices for large-scale attacks. Current detection methods, although effective, often face challenges in accuracy. This work proposes a new framework for IoT botnet detection utilizing an optimized hybrid classification technique. The framework comprises two primary phases: feature extraction and attack detection. Initially, various features including statistical measures, higher-order statistics, improved correlation-based insights, and flow-based characteristics are extracted from IoT network data. Notably, the approach enhances traditional correlation analysis by weighting data points based on proximity, refining the detection of complex relationships crucial for identifying botnet behaviors. To identify attacks, the system uses a hybrid classifier that integrates an Improved Deep Belief Network (IDBN) with a Recurrent Neural Network (RNN). The Improved DBN incorporates batch normalization and dropout layers, along with a modified Gumbel softmax activation function, to bolster its robustness against noisy data and prevent overfitting, while the RNN excels in sequential data analysis, capturing temporal dependencies within IoT traffic. Additionally, Self-Adaptive Beluga Whale Optimization (SA-BWO) is utilized for optimizing RNN weights, to enhance the accuracy for detection through adaptive parameter tuning. Experimental validation demonstrates the framework's superior performance in detecting IoT botnet activities, surpassing conventional methods in accuracy and resilience.