Memory-efficient and robust detection of Mirai botnet for future 6G-enabled IoT networks

The rise of 6G-enabled IoT networks has introduced significant challenges in securing resource-constrained devices against high-memory and energy-intensive cyber threats, such as the Mirai botnet. Due to their computational and memory overhead, existing Intrusion Detection Systems (IDS) and deep learning-based security mechanisms are often impractical for constrained IoT environments. This study proposes a TinyML-based real-time anomaly detection framework to classify and detect four distinct Mirai botnet attack types: Scan, UDP flooding, TCP flooding, and ACK flooding while analysing their impact on IoT device memory consumption and security.

To address the trade-off between detection accuracy, memory efficiency, and inference time, Naïve Bayes (NB), Random Forest (RF), Support Vector Machine (SVM), and K-Nearest Neighbours (KNN) classifiers optimized for TinyML deployment are implemented and compared. Experimental results demonstrate that KNN achieves detection accuracy above 99%, while maintaining low memory usage, making it the most suitable choice for real-time security in constrained IoT environments. Conversely, NB and RF offer superior inference speed with lower computational overhead, presenting a trade-off between detection latency and resource efficiency. Additionally, analysis reveals that Mirai botnet-induced memory consumption leads to increased fragmentation, excessive RAM usage, and higher energy consumption, highlighting the need for adaptive security mechanisms. This framework provides a lightweight, memory-efficient solution for enhancing security in 6G-enabled IoT ecosystems, with potential applications in smart cities, smart homes, and Industry 4.0. By integrating memory-aware ML models, this work contributes critical insights into developing scalable cybersecurity frameworks to ensure resilience against evolving cyber threats.