Addressing the challenge of detecting stealthy, dynamically evolving botnet attacks in Internet-of-Things (IoT) environments, this paper proposes a novel four-model collaborative stacking architecture integrating CNN, Bi-LSTM, Bi-GRU, and RNN. The design jointly captures local spatial features and bidirectional temporal dependencies to enable fine-grained representation and real-time detection of network traffic behavior. To our knowledge, this is the first work to introduce a heterogeneous multi-model stacking mechanism, significantly enhancing discriminative capability for low signal-to-noise-ratio and short-duration botnet traffic. Evaluated on the UNSW-NB15 dataset, the model achieves 99.76% accuracy and 99.18% ROC-AUC—surpassing existing state-of-the-art methods. The approach offers a highly robust, deployable detection paradigm for IoT security, balancing modeling expressiveness with practical applicability.

Cyberattacks in an Internet of Things (IoT) environment can have significant impacts because of the interconnected nature of devices and systems. An attacker uses a network of compromised IoT devices in a botnet attack to carry out various harmful activities. Detecting botnet attacks poses several challenges because of the intricate and evolving nature of these threats. Botnet attacks erode trust in IoT devices and systems, undermining confidence in their security, reliability, and integrity. Deep learning techniques have significantly enhanced the detection of botnet attacks due to their ability to analyze and learn from complex patterns in data. This research proposed the stacking of Deep convolutional neural networks, Bi-Directional Long Short-Term Memory (Bi-LSTM), Bi-Directional Gated Recurrent Unit (Bi-GRU), and Recurrent Neural Networks (RNN) for botnet attacks detection. The UNSW-NB15 dataset is utilized for botnet attacks detection. According to experimental results, the proposed model accurately provides for the intricate patterns and features of botnet attacks, with a testing accuracy of ${9 9. 7 6 %}$. The proposed model also identifies botnets with a high ROC-AUC curve value of ${9 9. 1 8 %}$. A performance comparison of the proposed method with existing state-of-the-art models confirms its higher performance. The outcomes of this research could strengthen cyber security procedures and safeguard against new attacks.