Hybrid AI Models Combining Machine-Deep Learning for Botnet Identification

The botnet is considered a highly advanced vulnerability threat. Threats to smart systems and data integrity posed by botnet assaults have grown in importance alongside the proliferation of IoT networks, making them a major topic in cybersecurity discussions. Current detection systems frequently fail to accurately classify various attack types, manage data with high dimensions, or record attack trends over time. To efficiently detect botnets, this work aims to construct a robust hybrid AI model utilizing the BOT-IOT dataset, which encompasses both common and unusual attack types, including reconnaissance, DoS/DDoS, and information theft. The proposed methodology combines LSTM networks for temporal pattern recognition, Decision Trees (DT) for feature-based classification, and Logistic Regression (LR) for high-dimensional multiclass prediction, with aggregated final predictions to enhance stability and accuracy. During data preprocessing, missing value handling, categorical variable encoding, and consistent feature scaling using Min-Max normalization were all part of the procedure. The hybrid model achieved 99% accuracy, recall, and F1-score, with an AUC-ROC of 0.9895, surpassing established methods such as C4.5, KNN, and weighted ego network with LDA, as well as individual models (LSTM: 97%, DT: 94%, LR: 95%). These findings support improved, balanced, and real-time IoT botnet detection for smart city cybersecurity.