GRUFNet: A Novel Deep Learning Approach with MCC-Driven Evaluation for Botnet Detection in SDN-IoT

In the evolving landscape of cyber-physical systems and IoT networks, detecting botnet attacks in real-time poses a significant challenge, particularly due to the complexity and imbalance of network traffic. Software defined Netwoks (SDN) that uses software-based controllers to communicate with hardware structure and direct traffic on a network but it faces security challenges, particularly Distributed Denial-of-Service (DDoS) attacks. Existing solutions are unable to detect low-rate and a statistical measure of the quality of binary lass. To address these challenges, we proposed a GRUFNet model, a hybrid deep learning architecture that integrates a Flow-Aware Gated Recurrent Unit (FA-GRU) with a Fully Connected Neural Network (FCNN) to improve botnet detection performance in Software-Defined Network-based IoT (SDN-IoT) environments. A SDNIoT dataset was generated using Mininet and the Ryu controller to emulate realistic botnet behavior in flow-level traffic for the study. The model was evaluated on three benchmark datasets: UNSW-NB15, BoT-IoT, and the SDNIoT. GRUFNet achieved accuracy scores of 94.6%, 99.76%, and 99.96%,and corresponding Mathews correlation coefficient (MCC) values of 0.8742, 0.6657, and 0.9992, respectively. Comparative analysis with standalone models FA-GRU and FCNN and other state-of-the-art techniques confirms that GRUFNet significantly improves precision, recall, and generalizability, especially in the presence of severe class imbalance. The integration of a hybrid temporal-spatial learning framework with a realistic SDN-based evaluation environment distinguishes this approach as both practical and scientifically robust for next-generation cybersecurity systems.