A Novel Methodology for Identifying and Containing Botnet Attacks in IoT Networks

Abstract

The rapid expansion of the Internet of Things (IoT) has resulted in millions of interconnected devices, increasing the risk of large-scale botnet attacks that exploit device vulnerabilities and compromise network integrity. Traditional security solutions are often ineffective due to the heterogeneous, resource-constrained, and distributed nature of IoT environments. This study proposes a novel methodology for identifying and containing botnet attacks in IoT networks, combining anomaly-based traffic analysis with machine learning–driven behaviour profiling. The proposed framework operates in two phases: (1) Botnet detection, where suspicious communication patterns and abnormal traffic flows are identified using lightweight feature extraction and a hybrid classification model; and (2) Botnet containment, where detected malicious nodes are isolated using an adaptive mitigation mechanism to prevent further propagation across the network. Experimental simulations conducted on benchmark IoT datasets demonstrate that the proposed approach achieves higher detection accuracy and lower false-positive rates compared to existing techniques, while maintaining computational efficiency suitable for low-power IoT devices. The results indicate that this methodology offers a robust, scalable, and proactive defense strategy for securing IoT environments against botnet threats.