Papers
Topics
Authors
Recent
Search
2000 character limit reached

BoT-IoT: IoT Botnet Detection Dataset

Updated 6 July 2026
  • BoT-IoT is a comprehensive IoT intrusion detection dataset that combines full PCAP captures with Argus-derived flow records for both binary and multiclass labeling.
  • It offers detailed insights into diverse attack types including reconnaissance, DoS, DDoS, keylogging, and data exfiltration, supporting rigorous machine learning evaluations.
  • The dataset highlights extreme class imbalance challenges, necessitating robust metrics and advanced techniques like SMOTE and deep learning for effective detection.

Searching arXiv for recent and foundational papers on BoT-IoT to ground the article in the literature. BoT-IoT, also written Bot-IoT or BoT-IoT, is a large IoT-focused intrusion-detection and network-forensics dataset created at UNSW Canberra to address shortcomings of earlier corpora in complete network information, accurate labeling, and recent attack diversity. It combines full PCAP capture with Argus-derived CSV flow records, supports both binary and multiclass labeling, and includes benign IoT traffic alongside reconnaissance, DoS, DDoS, keylogging, and data exfiltration scenarios executed in a controlled testbed. Later literature repeatedly treats it as a recent realistic benchmark for IoT botnet detection, and one review explicitly positions Bot-IoT as the de facto dataset for recent machine- and deep-learning research on IoT botnet detection (Koroniotis et al., 2018, Al-Othman et al., 2020).

1. Origin, motivation, and testbed construction

BoT-IoT was introduced to provide a realistic dataset for intrusion detection and network forensic analytics in IoT environments, in contrast to older corpora that were described as synthetic, outdated, anonymized, weakly labeled, or insufficiently IoT-specific. Its design goal was not merely to provide flow summaries, but to begin from full PCAP capture and then derive rich flow and statistical features suitable for both packet-level forensics and feature-based machine learning (Koroniotis et al., 2018).

The testbed was deployed in UNSW Canberra’s research cyber range using an ESXi cluster managed via vSphere, with a PFSense firewall/router bridging LAN and WAN, an Ubuntu Tap machine in promiscuous mode capturing traffic with tshark, and a second firewall and a switch for controlled Internet access. Four Kali Linux attacker VMs, victim hosts including Ubuntu Server, Ubuntu Mobile, Windows 7, and Metasploitable, and an Ubuntu Tap recorder formed the core attack-and-capture environment. The Ubuntu Server hosted DNS, email, FTP, HTTP, and SSH services. Benign IoT behavior was simulated through Node-Red middleware and MQTT messaging to a local Mosquitto broker and the AWS IoT hub, with five scenarios: weather station, smart fridge, motion-activated lights, garage door, and smart thermostat (Koroniotis et al., 2018).

Background benign traffic was generated with Ostinato, while active attacks were launched from the Kali VMs using Nmap, hping3, Xprobe2, GoldenEye, Metasploit, Hydra, and logkeys. Cron-driven scripts synchronized attack windows with capture windows, and tshark rolled PCAP files at 1 GB to simplify downstream processing. This arrangement produced deterministic attack scheduling and reduced labeling ambiguity through controlled IP assignments and enforced communication paths (Koroniotis et al., 2018).

Attack category Examples Reported volume
Reconnaissance Service scanning, OS fingerprinting 1,463,364 and 358,275 flows
DDoS/DoS TCP, UDP, HTTP floods 19,547,603; 18,965,106; 19,771; 12,315,997; 20,659,491; 29,706 flows
Information theft Keylogging, data exfiltration 1,469 and 118 flows

The volumes themselves already indicate a defining property of BoT-IoT: it is dominated by high-volume attack traffic, especially volumetric DoS and DDoS floods, while stealthier theft-oriented activities are extremely scarce.

2. Data representation, labels, and feature space

The BoT-IoT processing pipeline begins with PCAP collection on the Ubuntu Tap host and then converts packet traces into flow records using Argus and rasqlinsert, with storage and post-processing in MySQL. Labels were assigned through controlled IP addressing, scheduled attack windows, and SQL UPDATE rules keyed to source and destination addresses, time windows, and scenario directories. The dataset therefore exposes a binary field attack{0,1}\texttt{attack} \in \{0,1\} and multiclass fields category\texttt{category} and subcategory\texttt{subcategory}, enabling both coarse and fine-grained supervision (Koroniotis et al., 2018).

The core Argus-derived flow attributes include identifiers such as source and destination addresses and ports, protocol and state fields, temporal attributes such as Stime\texttt{Stime}, Ltime\texttt{Ltime}, seq\texttt{seq}, and dur\texttt{dur}, and directional traffic statistics such as pkts\texttt{pkts}, bytes\texttt{bytes}, spkts\texttt{spkts}, category\texttt{category}0, category\texttt{category}1, and category\texttt{category}2. Rate-type features are explicitly defined as

category\texttt{category}3

In addition to these raw flow attributes, BoT-IoT computes 14 aggregated features over a sliding window of 100 connections grouped by host, protocol, and port. These include totals per source and destination IP, per-protocol and per-destination-port packet counts, average packet rates per protocol per source and destination IP and per source and destination port, inbound connection counts per source and destination IP, and packet counts grouped by state and protocol per source and destination IP (Koroniotis et al., 2018).

Later papers report different feature counts. A review describes Bot-IoT as providing 46 features (Al-Othman et al., 2020), LBDMIDS describes it as containing 47 features including class label, attack category, and attack subcategory (Saurabh et al., 2022), and a 2024 thesis works with 43 features before removing non-network meta or aggregate fields (Atuhurra et al., 2024). This suggests that reported dimensionality depends on dataset version, preprocessing, and whether label or aggregation fields are counted explicitly.

BoT-IoT is also notable for retaining forensic fidelity. IPs remain private-testbed addresses rather than public anonymized traces, and payload content is retained in PCAP files. A plausible implication is that BoT-IoT occupies an intermediate position between conventional IDS benchmarks and forensic corpora: it supports flow-based ML while still permitting packet-level reconstruction when a detection result requires evidentiary inspection.

3. Composition, attack taxonomy, and the imbalance problem

The original paper reports more than 72,000,000 total flow records and separately enumerates 73,360,900 attack flows and 9,543 benign flows, with benign traffic distributed across UDP, TCP, ARP, IPv6-ICMP, ICMP, IGMP, and RARP (Koroniotis et al., 2018). The attack taxonomy spans three broad groups: reconnaissance or information gathering, denial-of-service and distributed denial-of-service, and information theft. Later work commonly maps these into the main classes Normal, DDoS, DoS, Reconnaissance, and Theft (Saurabh et al., 2022).

Class imbalance is the most persistent methodological issue associated with BoT-IoT. The review literature emphasizes that information-theft instances constitute only 0.002% of the original dataset and that many studies gloss over under-represented categories (Al-Othman et al., 2020). Concrete working subsets are similarly extreme. One optimized decision-tree study used a 5% reduced dataset with 477 normal instances and 3,668,045 attack instances, a benign-to-malicious ratio of approximately category\texttt{category}4 (Injadat et al., 2020). A 2024 imbalance-focused study reported 477 normal and 3,668,041 attack instances, yielding an imbalance ratio of approximately category\texttt{category}5 (Atuhurra et al., 2024). A single-file binary-classification study using one CSV reported 994,828 botnet and 4,728 normal flows after removing null values, corresponding to 99.527% versus 0.473% (Pokhrel et al., 2021). In a Spark study on the full corpus, the ratio of NORMAL to ATTACK was just 0.012% NORMAL (Abushwereb et al., 2022).

This skew materially affects model interpretation. Near-perfect accuracy is often easy to obtain by exploiting majority-class prevalence, especially in binary attack-versus-normal settings. The literature therefore repeatedly argues that FPR, FNR, ROC AUC, recall, and F1 are indispensable when evaluating BoT-IoT-based IDS models (Al-Othman et al., 2020, Pokhrel et al., 2021). The dataset’s volumetric attack families are often highly separable, whereas low-volume theft subtypes, especially data exfiltration and keylogging, remain difficult because they are both rare and behaviorally closer to benign traffic.

4. Typical preprocessing and modeling workflows

A widely used BoT-IoT workflow is flow-centric and supervised. In one representative pipeline, rows with null values are removed via pandas.dropna(), categorical fields such as Proto and State are numerically encoded, numeric features are min-max scaled to category\texttt{category}6 using

category\texttt{category}7

chi-square scores are computed, and the final retained features are bytes, sbytes, dbytes, rate, pkts, spkts, srate, and drate. The data are then split 80/20 into training and test sets, 5-fold cross-validation is applied on the training set, and SMOTE balances the minority class to a 1:1 ratio before comparing Gaussian Naive Bayes, KNN, and MLP ANN (Pokhrel et al., 2021).

Other studies adopt alternative but related pipelines. LBDMIDS uses reduced author-provided training and testing subsets with the pre-selected 10 features rate, srate, drate, min, max, mean, std_dev, state_number, flgs_number, and seq, applies z-score normalization, reshapes inputs into sequences, and trains stacked and bidirectional LSTM models with sparse categorical cross-entropy for five-class multiclass detection (Saurabh et al., 2022). An optimized machine-learning framework applies min-max normalization and SMOTE to a 5% reduced BoT-IoT subset and uses Bayesian optimization with a Gaussian Process to tune a decision-tree classifier (Injadat et al., 2020).

At cluster scale, Apache Spark studies ingest the 74 CSV files into a single DataFrame, remove duplicates and missing values, apply StringIndexer to proto, flgs, state, sport, dport, and label, normalize numeric features, and train Random Forest, Decision Tree, and Naive Bayes models for binary, five-class main-category, and eleven-class subcategory tasks. Chi-square feature selection is used in partial-dataset experiments to derive “Top-10” and “Top-5” feature sets, but is omitted on the full dataset for practical scale reasons (Abushwereb et al., 2022).

The broader review literature shows that BoT-IoT has supported a diverse algorithmic ecosystem: SVM, RNN, LSTM-RNN, rule generation with J48, hybrid IDS frameworks combining C5 decision trees with One-Class SVM and Boosting, FNN and SNN under adversarial perturbations, CNN, DNN, RBM, DBN, DA, ANN with SMOTE, PSO-guided deep models, and fuzzy rule interpolation (Al-Othman et al., 2020). By contrast, a DRL-XGBoost paper uses Bot-IoT-2018 as input to a pipeline in which XGBoost performs dimensionality reduction, feature selection, and three-way classification into penetrating, healthy, and suspicious data before handing off to a reinforcement-learning component, but does not specify dataset splits, feature lists, or key hyperparameters (Zamani et al., 2022).

5. Empirical findings across BoT-IoT studies

Several consistent empirical patterns recur across the literature. First, KNN can perform strongly on reduced feature sets in binary botnet detection. In the eight-feature, single-file study, KNN achieved 99.6% accuracy and 99.2% ROC AUC on the imbalanced dataset and 92.1% accuracy with 92.2% ROC AUC after SMOTE balancing; it was therefore selected as the most reliable of the three tested classifiers (Pokhrel et al., 2021). Second, near-perfect weighted averages can conceal minority-class weakness. In LBDMIDS, both stacked and bidirectional LSTM variants reached 99.99% overall multi-class accuracy, yet the reported recall for the Theft class was only 0.36 for both models, and the bidirectional variant’s DoS recall dropped to 0.79 (Saurabh et al., 2022). Third, explicit imbalance handling can sharply reduce false alarms. In the 2024 thesis, training with SMOTE reduced Linear SVC false positive rate from 24.84% to 1.307% and improved AUC from 87.58% to 99.336%, while RBF SVM reached 99.9982% accuracy, 99.9984% recall, 99.9998% precision, and 1.307% FPR under balanced training (Atuhurra et al., 2024).

Study and setup Task Reported result
KNN with eight engineered features and SMOTE-balanced training Binary botnet vs normal 92.1% accuracy; 92.2% ROC AUC
LBDMIDS stacked and bidirectional LSTM Five-class multiclass 99.99% overall accuracy; Theft recall 0.36
BO-GP tuned Decision Tree Binary normal vs attack 99.99% accuracy; precision 0.99; recall 1.00; F1 1.00
Spark MLlib Random Forest on partial dataset Binary / main / subcategory 99.7% / 99.6% / 88.5% average F1
Spark MLlib Decision Tree on full dataset Binary / main / subcategory 97.9% / 79% / 77% average F1

The effect of imbalance on metric interpretation is particularly clear in the Naive Bayes and MLP results of the eight-feature study. Gaussian Naive Bayes achieved “nearly 100% accuracy” on the imbalanced dataset, yet its ROC AUC was reported as 60.9% in the text and about 0.51 in the corresponding figure, with very low recall and F1, indicating majority-class bias rather than meaningful separation (Pokhrel et al., 2021). MLP ANN was even more sensitive to class skew: its ROC AUC moved from 0.50 on the imbalanced dataset to 0.90 after SMOTE, despite a slight drop in accuracy from 87.4% to 85.8% (Pokhrel et al., 2021). This is one of the clearest demonstrations in the BoT-IoT literature that raw accuracy can deteriorate as evaluation becomes more realistic.

The original dataset paper also showed that pairwise binary models against specific subcategories behave unevenly. Volumetric DoS and DDoS subtypes such as DDoS UDP, DDoS TCP, and DoS UDP were detected with near-perfect true positives, whereas data exfiltration yielded zero true positives in one reported pairwise RNN evaluation because of extreme rarity (Koroniotis et al., 2018). Spark-based multiclass experiments tell a similar story: on the partial dataset, Random Forest exceeded 99% F1 on DoS subclasses, but THEFT_EXFIL had F1 = 0 because all 36 instances in the sample were misassigned, often as THEFT_KEYLOGGING (Abushwereb et al., 2022).

6. Limitations, interpretation, and continuing research directions

BoT-IoT’s realism is substantial but not unconstrained. The benign IoT devices are simulated through Node-Red rather than physical device firmware, botnet C2 channels are not explicitly modeled, and labeling relies on deterministic IP- and schedule-based assumptions that work well in a controlled cyber range but do not reproduce NAT, carrier-grade translation, or noisy multi-tenant conditions (Koroniotis et al., 2018). Many downstream studies also operate on a single CSV, a 5% sample, or author-provided reduced subsets rather than the full corpus, which limits exposure to the complete attack diversity and can amplify sampling artifacts (Pokhrel et al., 2021, Injadat et al., 2020).

A second limitation is reproducibility. Several papers omit hyperparameters, runtime details, seeds, or split strategies. The DRL-XGBoost study, for example, reports 99.9940% accuracy and MSE 0.1315 on Bot-IoT-2018 but does not provide feature lists, split proportions, cross-validation, XGBoost hyperparameters, or a fully specified reinforcement-learning algorithm, which constrains independent verification (Zamani et al., 2022). Even in more careful studies, important details such as K in KNN, MLP architecture, or exact feature-selection thresholds are sometimes absent (Pokhrel et al., 2021).

A third issue is metric selection. BoT-IoT’s imbalance makes accuracy and even weighted F1 potentially deceptive. The review literature explicitly recommends reporting FPR and FNR, using resampling or cost-sensitive learning, favoring hybrid IDS architectures, and evaluating robustness against adversarial perturbations and real-time constraints (Al-Othman et al., 2020). This is reinforced by the empirical observation that models can achieve near-perfect headline performance while still performing poorly on Normal, Theft, or data-exfiltration categories.

Current research directions inferred from the surveyed work include more systematic imbalance handling, richer feature-selection studies across the full-scale corpus, hybrid signature-plus-behavior frameworks with feedback loops, and operational integration with SDN for controller-side mitigation of botnet hosts (Al-Othman et al., 2020, Pokhrel et al., 2021). A related caution concerns transfer claims: a 2025 lightweight federated-learning paper explicitly reports that it does not use BoT-IoT, despite addressing IoT botnet detection, so conclusions from N-BaIoT or other datasets should not be treated as BoT-IoT evidence without direct evaluation (Mahmoud et al., 3 Oct 2025).

Taken together, the literature establishes BoT-IoT as both a foundational benchmark and a stress test for methodology. Its combination of full PCAPs, Argus flows, multiclass labels, and large-scale IoT-oriented attack scenarios made it central to IoT IDS research; its severe skew, rare theft categories, and lab-testbed assumptions simultaneously make it a dataset on which careless experimental design can produce overly optimistic conclusions.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to BoT-IoT.