Federated Learning and Data Mining-Based Botnet Attack Detection Framework for Internet of Things

Authors

Sudheera, Kalupahana Liyanage Kushan
Priyashan, Lokuge Lehele Gedara Madhuwantha
Pavithra, Oruthota Arachchige Sanduni
Aththanayake, Malwaththe Widanalage Tharindu
Sudasinghe, Piyumi Bhagya
Sankalpa, Wijethunga Gamage Chatum Aloj
Sandamali, Gammana Guruge Nadeesha
Chong, Peter Han Joo

Item type

Journal Article

Publisher

MDPI AG

Abstract

Botnet attacks in Internet of Things (IoT) environments often occur as multi-stage campaigns, making early and reliable detection difficult across distributed and privacy-sensitive networks. Centralized detection approaches are often limited by heterogeneous traffic characteristics, severe data imbalance, and the need to aggregate large volumes of raw network data, raising scalability and privacy concerns. To address these challenges, this paper proposes FDA, a federated learning-based and data mining-driven framework for stage-aware botnet attack detection in IoT networks. FDA operates at network gateways, where anomalous traffic is first detected and then abstracted into compact and interpretable patterns using Frequent Itemset Mining (FIM). This pattern-based representation reduces noise and local traffic bias, enabling more robust learning across different IoT networks. Lightweight neural network models are trained locally at gateways, and a global model is learned through federated aggregation of model parameters, avoiding direct sharing of raw network data while enabling gateways to collaboratively learn evolving attack patterns across different IoT networks. Experimental results show that FDA achieves anomaly detection F1-scores above 99% across all gateways and multi-stage botnet attack classification F1-scores in the range of 48–49%, which are comparable to centralized machine-learning baselines while operating under decentralized and privacy-preserving constraints. Overall, FDA provides a practical, privacy-preserving, and effective solution for distributed botnet attack stage detection in real-world IoT deployments.

Keywords

0301 Analytical Chemistry, 0502 Environmental Science and Management, 0602 Ecology, 0805 Distributed Computing, 0906 Electrical and Electronic Engineering, Analytical Chemistry, 3103 Ecology, 4008 Electrical engineering, 4009 Electronics, sensors and digital hardware, 4104 Environmental management, 4606 Distributed computing and systems software, botnet attack, cyber-security, data mining, federated learning, internet of things, machine learning

Source

Sensors, ISSN: 1424-8220 (Online), MDPI AG, 26(5), 1573-1573. doi: 10.3390/s26051573

Rights statement

© 2026 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.