Classifying IoT Botnet Attacks With Kolmogorov-Arnold Networks: A Comparative Analysis of Architectural Variations
Phuc Hao, Tran Duc Le, Truong Duy Dinh, Van Dai Pham
Abstract
The rapid expansion of devices on the Internet of Things (IoTs) has led to a significant rise in IoT botnet attacks, creating an urgent need for advanced detection and classification methods. This study aims to evaluate the effectiveness of Kolmogorov-Arnold Networks (KANs) and their architectural variations in classifying IoT botnet attacks, comparing their performance with traditional machine learning and deep learning models. We conducted a comparative analysis of five KAN architectures, including Original-KAN, Fast-KAN, Jacobi-KAN, Deep-KAN, and Chebyshev-KAN, against models like Multi-Layer Perceptron (MLP), Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM) networks, and Gated Recurrent Units (GRU). The evaluation was performed on three IoT botnet datasets: N-BaIoT, IoT23, and IoT-BotNet, using metrics such as accuracy, precision, recall, F1-score, training time, and model complexity. KAN variants consistently demonstrated robust performance, often exceeding traditional ML and DL models in accuracy and stability across all datasets. The Original-KAN variant, in particular, excelled in capturing complex, non-linear patterns inherent in IoT botnet traffic, achieving higher accuracy and faster convergence rates. Variations such as Fast-KAN and Deep-KAN offered favorable trade-offs between computational efficiency and modeling capacity, making them suitable for real-time and resource-constrained IoT environments. Kolmogorov-Arnold Networks prove to be highly effective for IoT botnet classification, outperforming conventional models and offering significant advantages in adaptability and accuracy. The integration of KAN-based models into existing cybersecurity frameworks can enhance the detection and mitigation of sophisticated botnet threats, thus contributing to more resilient and secure IoT ecosystems.