MOAT: Federated Learning-Based Method for Improved Detection of IoT Botnets

This research introduces a novel intrusion detection method that examines network traffic from Internet of Things (IoT) devices. Due to their constrained computational resources, IoT devices are inherently more vulnerable to cyber-attacks compared to traditional computing systems. Botnets, which often orchestrate distributed denial-of-service (DDoS) attacks by leveraging numerous IoT devices, pose a significant security threat. Consequently, developing effective strategies to identify and mitigate botnet impacts within IoT environments is crucial. Our approach employs an Internet protocol (IP) and port-based classification model capable of recognizing previously unseen intrusion types post-deployment. By monitoring changes in device behavior, the system effectively distinguishes between normal and anomalous activities. We demonstrate the efficacy of our method by targeting two prominent IoT botnets: Mirai and Bashlite. Additionally, we evaluate the benefits of integrating bootstrapping with averaging techniques during the preprocessing phase and find that this combination significantly enhances the model’s generalizability. The model optimization and aggregation technique (MOAT) framework exhibits outstanding performance in both localized and federated intrusion detection scenarios, achieving an average accuracy of 96.25% across nodes, even when tested against attack types present in the training data.

• Publication year

  2026

• Venue

  IEEE Internet of Things Journal

• Publication date

  2026-01-15

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1109/JIOT.2025.3631450
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Improving Transferability of Network Intrusion Detection in a Federated Learning Setup

  2024cited by this paper
• CANET: A hierarchical CNN-Attention model for Network Intrusion Detection

  2023cited by this paper
• Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning

  2022cited by this paper
• Federated Deep Learning for Zero-Day Botnet Attack Detection in IoT-Edge Devices

  2021cited by this paper
• IoT Botnet Attack Detection Based on Optimized Extreme Gradient Boosting and Feature Selection

  2020cited by this paper
• Detection of zero-day attacks: An unsupervised port-based approach

  2020cited by this paper
• A Threat Modelling Approach to Analyze and Mitigate Botnet Attacks in Smart Home Use Case

  2020cited by this paper
• The Quest for Sense: Physical phenomena Classification in the Internet of things

  2019cited by this paper
• N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

  2018influential reference
• A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security

  2018cited by this paper
• Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

  2018cited by this paper
• Unsupervised Anomaly Based Botnet Detection in IoT Networks

  2018cited by this paper
• DDoS in the IoT: Mirai and Other Botnets

  2017influential reference
• Botnets and Internet of Things Security

  2017cited by this paper
• Noise versus chaos in a causal Fisher-Shannon plane

  2015cited by this paper
• Delving into Internet DDoS Attacks by Botnets: Characterization and Analysis

  2015influential reference
• The internet of things: a survey

  2014cited by this paper
• Internet of Things (IoT): A vision, architectural elements, and future directions

  2012cited by this paper
• Hybrid Approach for Detection of Anomaly Network Traffic using Data Mining Techniques

  2012cited by this paper
• Anomaly detection: A survey

  2009cited by this paper
• Anomaly-based network intrusion detection: Techniques, systems and challenges

  2009cited by this paper
• Distinguishing noise from chaos.

  2007cited by this paper

• Robust and energy-aware detection of Mirai botnet for future 6G-enabled IoT networks

  2026cites this paper