2025 4th International Conference on Electronic Engineering (ICEEM)

Hybrid Deep Learning Architectures for Multiclass IoT Intrusion Detection: Evaluation on BoT-IoT Datasets

Paper ID : 1106-ICEEM2025

Authors

Hesham M. Abdelzaher *¹, Nabil A. Ismail², Adel S. El-Fishawy³, Fathi E. Abd-El-Samie⁴, Khalil F. Ramadan⁵

¹Hesham M. AbdelZaher Communication Department Faculty of Electronic Engineering El-Menoufia University El-Menoufia, Egypt Eng.hesham205@gmail.com

²Nabil A. Ismail Computer Science and Engineering Department Faculty of Electronic Engineering El-Menoufia University El-Menoufia, Egypt Nabil.Ismail@el-eng.menofia.edu.eg

³Adel S. El-Fishawy Communication Department Faculty of Electronic Engineering El-Menoufia University El-Menoufia, Egypt aelfishawy@hotmail.com

⁴Fathi. E. Abd-El-Samie Communication Department Faculty of Electronic Engineering El-Menoufia University El-Menoufia, Egypt Fathi_sayed@yahoo.com

⁵Khalil F. Ramadan Communication Department Faculty of Electronic Engineering El-Menoufia University El-Menoufia, Egypt khalilramadan@el-eng.menofia.edu.eg

Abstract

The rapid proliferation of Internet of Things (IoT) devices has expanded the attack surface of modern networks, necessitating the development of more robust and intelligent intrusion detection systems (IDS). In this study, we propose two hybrid deep learning models tailored for multiclass intrusion detection on BoT-IoT datasets. The first model combines XGBoost for efficient feature extraction with a Recurrent Neural Network (RNN) to capture temporal dependencies in attack sequences. The second model leverages a Transformer architecture for deep contextual learning of major attack classes and LightGBM for handling class imbalance among minor classes. Extensive experiments conducted on the BoTNeTIoT-L01-v2 and NF-Bot-IoT datasets demonstrate that both proposed models significantly outperform existing state-of-the-art methods. The XGBoost-RNN model achieves perfect classification performance over all metrics with accuracy 99.99%, while the Transformer-LightGBM model consistently records 99.45% across all key evaluation metrics with highest F1-score. These results highlight the effectiveness of the hybrid architectures in enhancing detection accuracy, class balance, and adaptability in complex IoT threat landscapes.

Keywords

Intrusion Detection, XGBoost, RNN, Hybrid Model, Machine Learning, Cybersecurity.

Status: Accepted