A SCALABLE TWO-LAYER ML FRAMEWORK FOR REAL-TIME IOT BOTNET INTRUSION DETECTION
DOI:
https://doi.org/10.52152/5dwqdd79
Keywords:
IoT security, botnet detection, intrusion detection system, layered machine learning, SMOTE.
Abstract
The rapid growth of Internet of Things (IoT) networks has significantly enlarged the attack surface, leaving such networks vulnerable to advanced botnet attacks. Traditional Intrusion Detection Systems (IDS) become ineffective in IoT networks owing to their limited adaptability, high latency, and resource constraints. To address these issues, this paper introduces a scalable two-layer machine learning framework for real-time botnet intrusion detection in IoT networks. The proposed system employs lightweight classifiers for quick screening of normal traffic in the first layer and sophisticated models for deep analysis of suspicious flows in the second layer. A robust preprocessing pipeline incorporating feature selection and class balancing strategies enhances model efficiency and detection accuracy. Experimental results demonstrate enhanced performance in detection rates, false positive reduction, and inference speed, thereby demonstrating the model's suitability for latency-restricted and resource-limited environments. The framework effectively balances accuracy and computational cost, offering an efficient solution for modern IoT security systems.
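The two-layer routing described in the abstract, as an added sketch that is not the paper's code: a cheap first-layer score clears flows as normal and only the remainder reaches a costlier second-layer model, so any botnet flow cleared at layer one can never be recovered. The two flow features, the linear score, the k-NN second layer and all sample flows are assumptions constructed for illustration; the abstract names neither its classifiers nor its features, and the preprocessing and class-balancing step is left out.

```python
import math
import random

def make_flows(n_normal, n_bot, seed):
    """Constructed sample flows: (packets_per_sec, distinct_dst_ports, label); label 1 = botnet."""
    rng = random.Random(seed)
    normal = [(rng.gauss(20, 8), rng.gauss(3, 1.5), 0) for _ in range(n_normal)]
    bot = [(rng.gauss(60, 25), rng.gauss(12, 6), 1) for _ in range(n_bot)]
    return normal + bot

def layer1_suspicious(flow, threshold):
    """Layer 1 (hypothetical): one cheap linear score; below the threshold is cleared as normal."""
    pps, ports, _ = flow
    return pps / 100.0 + ports / 20.0 >= threshold

def layer2_is_botnet(flow, train, k=5):
    """Layer 2 (hypothetical): costlier k-NN majority vote over labelled training flows."""
    def dist(t):
        return math.hypot((t[0] - flow[0]) / 100.0, (t[1] - flow[1]) / 20.0)
    nearest = sorted(train, key=dist)[:k]
    return sum(t[2] for t in nearest) * 2 > k

def run_cascade(flows, train, threshold):
    """Route every flow through the cascade and count what each layer did."""
    stats = {"escalated": 0, "alerts": 0, "bots": 0, "bots_cleared_l1": 0, "bots_caught": 0}
    for flow in flows:
        is_bot = int(flow[2] == 1)
        stats["bots"] += is_bot
        if not layer1_suspicious(flow, threshold):
            stats["bots_cleared_l1"] += is_bot  # never reaches layer 2: unrecoverable miss
            continue
        stats["escalated"] += 1                 # layer 2 cost is paid only for these flows
        if layer2_is_botnet(flow, train):
            stats["alerts"] += 1
            stats["bots_caught"] += is_bot
    return stats

TRAIN = make_flows(300, 30, seed=1)   # imbalanced on purpose (constructed data)
TEST = make_flows(1000, 100, seed=2)

if __name__ == "__main__":
    for t in (0.3, 0.5, 0.7):
        s = run_cascade(TEST, TRAIN, t)
        print(t, s, "recall=%.2f" % (s["bots_caught"] / s["bots"]))
```

Raising the layer-one threshold lowers the number of escalated flows and therefore second-layer cost, but it can only hold or reduce overall recall, which is why the screening layer has to be tuned for recall rather than accuracy.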
License
Copyright (c) 2025 Lex localis - Journal of Local Self-Government

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.