Comparative Analysis of Machine Learning Classifiers for Detecting Backdoor Malware in IoT Networks
DOI: https://doi.org/10.56979/1101/2026/1352
Keywords: Internet of Things (IoT), Backdoor malware detection, Machine learning, CICIoT2023 dataset
Abstract
The growth of Internet of Things (IoT) networks has increased their exposure to cyber-attacks, including those based on backdoor malware, which gives an attacker unauthorized and persistent access to compromised devices. Accurate and effective identification of such attacks is therefore critical to keeping IoT environments safe. This paper provides a comparative overview of classical machine-learning (ML) models for binary backdoor malware detection in IoT networks, in which network traffic samples are labeled either Backdoor malware or Benign. The experimental workflow starts from the unbalanced backdoor data of the CICIoT2023 dataset, which is then preprocessed and balanced to create the final benchmark dataset used in model evaluation. This dataset is composed of 39,160 samples and 47 features, and the class distribution is equal (19,580 benign and 19,580 backdoor malware samples). All models were run through a single evaluation pipeline consisting of data cleaning, label encoding, and feature standardization, followed by 10-fold cross-validation. Twenty classical ML classifiers were benchmarked, including ensemble, linear, probabilistic, kernel-based, instance-based, and neural-network-based ML methods. Accuracy, Precision, Recall, F1-score and execution time were used as performance indicators. The findings indicate that tree-based ensemble models consistently perform better than the other models, with ExtraTrees having the highest overall performance (Accuracy = 0.999872, Precision = 0.999872, Recall = 0.999872, F1-score = 0.999872), followed by RandomForest (0.999719). Among the best-performing models, XGBoost also produced very competitive results (Accuracy = 0.999489) with desirable computational efficiency.
These results highlight ensemble-based ML methods as highly efficient and feasible baselines for detecting backdoor malware in IoT networks and for developing effective, deployment-friendly IoT security tools.
This is an open access article published by Research Center of Computing & Biomedical Informatics (RCBI), Lahore, Pakistan under the CC BY 4.0 International License.



