Efficient IoT Intrusion Detection with an Improved Attention-Based CNN-BiLSTM Architecture
Amna Naeem, Muazzam A. Khan, Nada Alasbali, Jawad Ahmad, Aizaz Ahmad Khattak, Muhammad Shahbaz Khan
TL;DR
This work addresses botnet intrusion detection in IoT networks by designing a compact attention-augmented hybrid architecture. By integrating 1D-CNN for local pattern extraction, BiLSTM for temporal modeling, and an attention mechanism to highlight salient features, it achieves robust detection on the N-BaIoT dataset. The approach yields about 99% accuracy with very high reliability metrics (MCC and Cohen's Kappa) and a low inference cost (~50 ms/sample), making it suitable for real-time deployment. Compared with similar architectures, it delivers superior precision and robustness across unseen data, advancing practical IoT security.
Abstract
The ever-increasing security vulnerabilities in the Internet-of-Things (IoT) systems require improved threat detection approaches. This paper presents a compact and efficient approach to detect botnet attacks by employing an integrated approach that consists of traffic pattern analysis, temporal support learning, and focused feature extraction. The proposed attention-based model benefits from a hybrid CNN-BiLSTM architecture and achieves 99% classification accuracy in detecting botnet attacks utilizing the N-BaIoT dataset, while maintaining high precision and recall across various scenarios. The proposed model's performance is further validated by key parameters, such as Mathews Correlation Coefficient and Cohen's kappa Correlation Coefficient. The close-to-ideal results for these parameters demonstrate the proposed model's ability to detect botnet attacks accurately and efficiently in practical settings and on unseen data. The proposed model proved to be a powerful defence mechanism for IoT networks to face emerging security challenges.