MOAT: A Multi-objective Approach to Federated IoT Botnet Detection

Yangzong Zhang; Wenjian Liu; Bin Shi; Tianqing Zhu

doi:10.1007/978-981-95-3058-8_14

MOAT: A Multi-objective Approach to Federated IoT Botnet Detection

Yangzong Zhang
, Wenjian Liu
, Bin Shi
, Tianqing Zhu

电子与信息学部

City University of Macau

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

This study presents an innovative intrusion detection approach focused on analyzing network traffic generated by Internet of Things (IoT) devices. Owing to their limited processing capabilities, IoT devices are generally more susceptible to cyber threats than conventional computing platforms. Botnets, which frequently exploit large numbers of IoT devices to launch distributed denial-of-service (DDoS) attacks, represent a major security concern. As a result, it is essential to design robust mechanisms for the identification and mitigation of botnet-related risks within IoT ecosystems. In this work, we propose an IP- and port-based classification framework that can detect novel forms of intrusions after deployment. By continuously observing variations in device activity patterns, the system is able to accurately differentiate between benign and suspicious behaviors. The proposed solution is validated on two widely known IoT botnets, namely Mirai and Bashlite. Furthermore, we investigate the impact of combining bootstrapping with averaging methods during data preprocessing, and observe that this approach substantially improves the model’s ability to generalize. The MOAT architecture delivers superior results in both standalone and federated intrusion detection environments, achieving a mean accuracy of 96.25% across different nodes, even when evaluated on attack categories included in the training set.

源语言	英语
主期刊名	Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings
编辑	Tianqing Zhu, Wanlei Zhou, Congcong Zhu
出版商	Springer Science and Business Media Deutschland GmbH
页	163-173
页数	11
ISBN（印刷版）	9789819530571
DOI	https://doi.org/10.1007/978-981-95-3058-8_14
出版状态	已出版 - 2026
活动	18th International Conference on Knowledge Science, Engineering and Management, KSEM 2025 - Macao, 中国期限: 4 8月 2025 → 7 8月 2025

出版系列

姓名	Lecture Notes in Computer Science
卷	15922 LNAI
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	18th International Conference on Knowledge Science, Engineering and Management, KSEM 2025
国家/地区	中国
市	Macao
时期	4/08/25 → 7/08/25

访问文件

10.1007/978-981-95-3058-8_14

其它文件与链接

链接到 Scopus 的出版物

引用此

Zhang, Y., Liu, W., Shi, B., & Zhu, T. (2026). MOAT: A Multi-objective Approach to Federated IoT Botnet Detection. 在 T. Zhu, W. Zhou, & C. Zhu (编辑), Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings (页码 163-173). (Lecture Notes in Computer Science; 卷 15922 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-95-3058-8_14

Zhang, Yangzong ; Liu, Wenjian ; Shi, Bin 等. / MOAT : A Multi-objective Approach to Federated IoT Botnet Detection. Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings. 编辑 / Tianqing Zhu ; Wanlei Zhou ; Congcong Zhu. Springer Science and Business Media Deutschland GmbH, 2026. 页码 163-173 (Lecture Notes in Computer Science).

@inproceedings{399fce574c834eb2abde47d93134ebce,

title = "MOAT: A Multi-objective Approach to Federated IoT Botnet Detection",

abstract = "This study presents an innovative intrusion detection approach focused on analyzing network traffic generated by Internet of Things (IoT) devices. Owing to their limited processing capabilities, IoT devices are generally more susceptible to cyber threats than conventional computing platforms. Botnets, which frequently exploit large numbers of IoT devices to launch distributed denial-of-service (DDoS) attacks, represent a major security concern. As a result, it is essential to design robust mechanisms for the identification and mitigation of botnet-related risks within IoT ecosystems. In this work, we propose an IP- and port-based classification framework that can detect novel forms of intrusions after deployment. By continuously observing variations in device activity patterns, the system is able to accurately differentiate between benign and suspicious behaviors. The proposed solution is validated on two widely known IoT botnets, namely Mirai and Bashlite. Furthermore, we investigate the impact of combining bootstrapping with averaging methods during data preprocessing, and observe that this approach substantially improves the model{\textquoteright}s ability to generalize. The MOAT architecture delivers superior results in both standalone and federated intrusion detection environments, achieving a mean accuracy of 96.25\% across different nodes, even when evaluated on attack categories included in the training set.",

keywords = "Anomaly detection, Federated learning, Internet of Things, Network intrusion detection",

author = "Yangzong Zhang and Wenjian Liu and Bin Shi and Tianqing Zhu",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2026.; 18th International Conference on Knowledge Science, Engineering and Management, KSEM 2025 ; Conference date: 04-08-2025 Through 07-08-2025",

year = "2026",

doi = "10.1007/978-981-95-3058-8\_14",

language = "英语",

isbn = "9789819530571",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "163--173",

editor = "Tianqing Zhu and Wanlei Zhou and Congcong Zhu",

booktitle = "Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings",

}

Zhang, Y, Liu, W, Shi, B & Zhu, T 2026, MOAT: A Multi-objective Approach to Federated IoT Botnet Detection. 在 T Zhu, W Zhou & C Zhu (编辑), Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings. Lecture Notes in Computer Science, 卷 15922 LNAI, Springer Science and Business Media Deutschland GmbH, 页码 163-173, 18th International Conference on Knowledge Science, Engineering and Management, KSEM 2025, Macao, 中国, 4/08/25. https://doi.org/10.1007/978-981-95-3058-8_14

MOAT: A Multi-objective Approach to Federated IoT Botnet Detection. / Zhang, Yangzong; Liu, Wenjian; Shi, Bin 等.
Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings. 编辑 / Tianqing Zhu; Wanlei Zhou; Congcong Zhu. Springer Science and Business Media Deutschland GmbH, 2026. 页码 163-173 (Lecture Notes in Computer Science; 卷 15922 LNAI).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - MOAT

T2 - 18th International Conference on Knowledge Science, Engineering and Management, KSEM 2025

AU - Zhang, Yangzong

AU - Liu, Wenjian

AU - Shi, Bin

AU - Zhu, Tianqing

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2026.

PY - 2026

Y1 - 2026

N2 - This study presents an innovative intrusion detection approach focused on analyzing network traffic generated by Internet of Things (IoT) devices. Owing to their limited processing capabilities, IoT devices are generally more susceptible to cyber threats than conventional computing platforms. Botnets, which frequently exploit large numbers of IoT devices to launch distributed denial-of-service (DDoS) attacks, represent a major security concern. As a result, it is essential to design robust mechanisms for the identification and mitigation of botnet-related risks within IoT ecosystems. In this work, we propose an IP- and port-based classification framework that can detect novel forms of intrusions after deployment. By continuously observing variations in device activity patterns, the system is able to accurately differentiate between benign and suspicious behaviors. The proposed solution is validated on two widely known IoT botnets, namely Mirai and Bashlite. Furthermore, we investigate the impact of combining bootstrapping with averaging methods during data preprocessing, and observe that this approach substantially improves the model’s ability to generalize. The MOAT architecture delivers superior results in both standalone and federated intrusion detection environments, achieving a mean accuracy of 96.25% across different nodes, even when evaluated on attack categories included in the training set.

AB - This study presents an innovative intrusion detection approach focused on analyzing network traffic generated by Internet of Things (IoT) devices. Owing to their limited processing capabilities, IoT devices are generally more susceptible to cyber threats than conventional computing platforms. Botnets, which frequently exploit large numbers of IoT devices to launch distributed denial-of-service (DDoS) attacks, represent a major security concern. As a result, it is essential to design robust mechanisms for the identification and mitigation of botnet-related risks within IoT ecosystems. In this work, we propose an IP- and port-based classification framework that can detect novel forms of intrusions after deployment. By continuously observing variations in device activity patterns, the system is able to accurately differentiate between benign and suspicious behaviors. The proposed solution is validated on two widely known IoT botnets, namely Mirai and Bashlite. Furthermore, we investigate the impact of combining bootstrapping with averaging methods during data preprocessing, and observe that this approach substantially improves the model’s ability to generalize. The MOAT architecture delivers superior results in both standalone and federated intrusion detection environments, achieving a mean accuracy of 96.25% across different nodes, even when evaluated on attack categories included in the training set.

KW - Anomaly detection

KW - Federated learning

KW - Internet of Things

KW - Network intrusion detection

UR - https://www.scopus.com/pages/publications/105022978521

U2 - 10.1007/978-981-95-3058-8_14

DO - 10.1007/978-981-95-3058-8_14

M3 - 会议稿件

AN - SCOPUS:105022978521

SN - 9789819530571

T3 - Lecture Notes in Computer Science

SP - 163

EP - 173

BT - Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings

A2 - Zhu, Tianqing

A2 - Zhou, Wanlei

A2 - Zhu, Congcong

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 4 August 2025 through 7 August 2025

ER -

Zhang Y, Liu W, Shi B, Zhu T. MOAT: A Multi-objective Approach to Federated IoT Botnet Detection. 在 Zhu T, Zhou W, Zhu C, 编辑, Knowledge Science, Engineering and Management - 18th International Conference, KSEM 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2026. 页码 163-173. (Lecture Notes in Computer Science). doi: 10.1007/978-981-95-3058-8_14

MOAT: A Multi-objective Approach to Federated IoT Botnet Detection

摘要

出版系列

会议

访问文件

其它文件与链接

学术指纹

引用此