Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations
The rapid expansion of devices on the Internet of Things (IoTs) has led to a significant rise in IoT botnet attacks, creating an urgent need for advanced detection and classification methods. This study aims to evaluate the effectiveness of Kolmogorov-Arnold Networks (KANs) and their architectural v...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10839389/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832575618108096512 |
|---|---|
| author | Phuc Hao do Tran Duc Le Truong Duy Dinh van Dai Pham |
| author_facet | Phuc Hao do Tran Duc Le Truong Duy Dinh van Dai Pham |
| author_sort | Phuc Hao do |
| collection | DOAJ |
| description | The rapid expansion of devices on the Internet of Things (IoTs) has led to a significant rise in IoT botnet attacks, creating an urgent need for advanced detection and classification methods. This study aims to evaluate the effectiveness of Kolmogorov-Arnold Networks (KANs) and their architectural variations in classifying IoT botnet attacks, comparing their performance with traditional machine learning and deep learning models. We conducted a comparative analysis of five KAN architectures, including Original-KAN, Fast-KAN, Jacobi-KAN, Deep-KAN, and Chebyshev-KAN, against models like Multi-Layer Perceptron (MLP), Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM) networks, and Gated Recurrent Units (GRU). The evaluation was performed on three IoT botnet datasets: N-BaIoT, IoT23, and IoT-BotNet, using metrics such as accuracy, precision, recall, F1-score, training time, and model complexity. KAN variants consistently demonstrated robust performance, often exceeding traditional ML and DL models in accuracy and stability across all datasets. The Original-KAN variant, in particular, excelled in capturing complex, non-linear patterns inherent in IoT botnet traffic, achieving higher accuracy and faster convergence rates. Variations such as Fast-KAN and Deep-KAN offered favorable trade-offs between computational efficiency and modeling capacity, making them suitable for real-time and resource-constrained IoT environments. Kolmogorov-Arnold Networks prove to be highly effective for IoT botnet classification, outperforming conventional models and offering significant advantages in adaptability and accuracy. The integration of KAN-based models into existing cybersecurity frameworks can enhance the detection and mitigation of sophisticated botnet threats, thus contributing to more resilient and secure IoT ecosystems. |
| format | Article |
| id | doaj-art-d4f381cf45014e5eb5f56f1953fcc8da |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-d4f381cf45014e5eb5f56f1953fcc8da2025-01-31T23:05:25ZengIEEEIEEE Access2169-35362025-01-0113160721609310.1109/ACCESS.2025.352894010839389Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural VariationsPhuc Hao do0https://orcid.org/0000-0003-0645-0021Tran Duc Le1https://orcid.org/0000-0003-3735-0314Truong Duy Dinh2https://orcid.org/0000-0002-9993-9792van Dai Pham3https://orcid.org/0000-0003-1363-0784The Bonch-Bruevich Saint Petersburg State University of Telecommunications, Saint Petersburg, RussiaUniversity of Wisconsin-Stout, Menomonie, WI, USAPosts and Telecommunications Institute of Technology, Hanoi, VietnamSwinburne Vietnam, FPT University, Hanoi, VietnamThe rapid expansion of devices on the Internet of Things (IoTs) has led to a significant rise in IoT botnet attacks, creating an urgent need for advanced detection and classification methods. This study aims to evaluate the effectiveness of Kolmogorov-Arnold Networks (KANs) and their architectural variations in classifying IoT botnet attacks, comparing their performance with traditional machine learning and deep learning models. We conducted a comparative analysis of five KAN architectures, including Original-KAN, Fast-KAN, Jacobi-KAN, Deep-KAN, and Chebyshev-KAN, against models like Multi-Layer Perceptron (MLP), Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM) networks, and Gated Recurrent Units (GRU). The evaluation was performed on three IoT botnet datasets: N-BaIoT, IoT23, and IoT-BotNet, using metrics such as accuracy, precision, recall, F1-score, training time, and model complexity. KAN variants consistently demonstrated robust performance, often exceeding traditional ML and DL models in accuracy and stability across all datasets. The Original-KAN variant, in particular, excelled in capturing complex, non-linear patterns inherent in IoT botnet traffic, achieving higher accuracy and faster convergence rates. Variations such as Fast-KAN and Deep-KAN offered favorable trade-offs between computational efficiency and modeling capacity, making them suitable for real-time and resource-constrained IoT environments. Kolmogorov-Arnold Networks prove to be highly effective for IoT botnet classification, outperforming conventional models and offering significant advantages in adaptability and accuracy. The integration of KAN-based models into existing cybersecurity frameworks can enhance the detection and mitigation of sophisticated botnet threats, thus contributing to more resilient and secure IoT ecosystems.https://ieeexplore.ieee.org/document/10839389/CybersecurityIoT botnet detectionKolmogorov-Arnold networksnetwork intrusion detection |
| spellingShingle | Phuc Hao do Tran Duc Le Truong Duy Dinh van Dai Pham Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations IEEE Access Cybersecurity IoT botnet detection Kolmogorov-Arnold networks network intrusion detection |
| title | Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations |
| title_full | Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations |
| title_fullStr | Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations |
| title_full_unstemmed | Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations |
| title_short | Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations |
| title_sort | classifying iot botnet attacks with kolmogorov arnold networks a comparative analysis of architectural variations |
| topic | Cybersecurity IoT botnet detection Kolmogorov-Arnold networks network intrusion detection |
| url | https://ieeexplore.ieee.org/document/10839389/ |
| work_keys_str_mv | AT phuchaodo classifyingiotbotnetattackswithkolmogorovarnoldnetworksacomparativeanalysisofarchitecturalvariations AT tranducle classifyingiotbotnetattackswithkolmogorovarnoldnetworksacomparativeanalysisofarchitecturalvariations AT truongduydinh classifyingiotbotnetattackswithkolmogorovarnoldnetworksacomparativeanalysisofarchitecturalvariations AT vandaipham classifyingiotbotnetattackswithkolmogorovarnoldnetworksacomparativeanalysisofarchitecturalvariations |