Table 7 Qualitative comparison of proposed CyberDetect-MLP with existing IoT IDS works (including TON_IoT).
Study & year | Dataset(s) used | Method/model | Key features & novelty | Performance description |
|---|---|---|---|---|
Korba et al81. (2025) | TON_IoT/IoT botnet | Explainable anomaly detection framework | Early-stage detection uses explainable network-based features for IoT botnet mitigation | Reported improved detection rates with an explainability focus |
Korba et al82. (2025) | IoV/IoT botnet | Isolation forest + particle swarm optimization | Modular zero-day attack detection; optimized feature selection | Demonstrates robust zero-day detection on IoT traffic |
Khan et al87. (2024) | TON_IoT, Consumer IoT | Federated-boosting IDS | Distributed federated learning, dynamic boosting, privacy-preserving | Highlights strong detection with privacy enhancement |
Khan et al88. (2024) | IoT network traffic | Collaborative SRU network | Explainable hybrid IDS; dynamic behavior aggregation; reduced communication overhead | Emphasizes interpretability and resource efficiency |
Mohammad et al93. (2020) | TON_IoT benchmark | Baseline IDS dataset description | Provides a detailed TON_IoT dataset for IDS research; widely used benchmark | Used as a reference dataset in IDS literature |
Proposed CyberDetect-MLP (2025) | TON_IoT | Optimized MLP + Spark + MI + XAI | Scalable big data pipeline; MI-based feature selection; explainable AI (Grad-CAM & SHAP); Spark-enabled | Demonstrates improved scalability, interpretability, and practical IoT deployment potential |
