Volume 17, Issue 2, pp. 113-134, 2026 | Full Length Article
Innocent Mbona 1*, Jan H. P. Eloff 2
Doi: https://doi.org/10.54216/JCIM.170209
Over the years, new technologies such as the Internet of Things (IoT) have changed many aspects of our lives, including smart homes. Unfortunately, this technology is vulnerable to cyber attacks because it lacks the physical boundaries that would otherwise help ensure safety, privacy, and security. Botnet attacks are among the most prominent cybersecurity threats because they can compromise an entire network and launch further attacks such as distributed denial-of-service (DDoS) attacks. The intelligent discovery of new, unknown botnet attacks therefore remains a challenge, particularly in IoT environments, owing to the complex nature of the signatures of unknown botnet attacks. Through a systematic literature review, we provide a comprehensive review of current studies to determine the trends and challenges in the discovery of unknown botnet attacks. This study implemented a lightweight, intelligent, data-driven methodology called CySecML to discover unknown botnet attacks. The CySecML methodology differs from existing methods in its data preparation and feature selection steps, which are specifically aimed at mitigating cyber attacks. The effectiveness of this methodology is demonstrated on state-of-the-art botnet attack data sets, where the self-training machine-learning algorithm achieved the best results, with an F1-score of 94%.
Botnet, Internet of Things (IoT), Unknown attacks, Cybersecurity, Feature selection, Machine learning, Network intrusion detection system