Explainable and data-centric machine learning framework for real-time IoT botnet detection and classification

Corneliu, Purice, Waqas, Muhammad (ORCID: https://orcid.org/0000-0003-0814-7544), Khan, Muhammad Taimoor (ORCID: https://orcid.org/0000-0002-5752-6420), Tu, Shanshan and Badshah, Akhtar (2026) Explainable and data-centric machine learning framework for real-time IoT botnet detection and classification. In: IEEE International Conference on Machine Learning for Communication and Networking (ICMLCN). 08 - 11 June 2026. Abu Dhabi, Abu Dhabi, United Arab Emirates. IEEE Xplore. Institute of Electrical and Electronics Engineers (IEEE) - Computer Society - Systems, Man, and Cybernetics Society, Piscataway, New Jersey. (In Press)

PDF (Author's Accepted Manuscript)
53300 WAQAS_Explainable_And_Data-Centric_Machine_Learning_Framework_(AAM)_2026.pdf - Accepted Version
Restricted to Repository staff only

Abstract

The rapid growth of Internet of Things (IoT) devices has expanded opportunities for cyberattacks, with botnet attacks posing a major threat to network infrastructure and data security. Machine learning has shown promise in detecting such attacks, but most existing methods are offline, limited to binary classification, and rarely support real-time detection or identify specific attack types. This paper presents a real-time machine learning framework for IoT botnet detection and analysis. The framework not only detects attacks but also classifies their nature, providing security analysts with clearer insights. It integrates explainability features to improve transparency and interpretation in practical contexts. To evaluate performance, four machine learning models are employed: Logistic Regression, Random Forest, Naive Bayes, and LightGBM. Comparative analysis highlights accuracy, processing speed, and interpretability in real-time intrusion detection. Using the IoT-23 dataset, which reflects real-world malware campaigns, the framework demonstrates a modular, transparent, and scalable solution that bridges research and practical implementation.

Item Type: Conference Proceedings
Title of Proceedings: IEEE International Conference on Machine Learning for Communication and Networking (ICMLCN). 08 - 11 June 2026. Abu Dhabi, Abu Dhabi, United Arab Emirates
Additional Information: This is the accepted version of the paper published in [IEEE International Conference on Machine Learning for Communication and Networking (ICMLCN). 08 - 11 June 2026. Abu Dhabi]. The final authenticated version is not available as yet. © IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Uncontrolled Keywords: IoT security, botnet detection, real-time intrusion detection, machine learning, network traffic analysis
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 01 May 2026 12:23
URI: https://gala.gre.ac.uk/id/eprint/53300
