CyberDetect MLP a big data enabled optimized deep learning framework for scalable cyberattack detection in IoT environments

Talluri Upender; M Neelakantappa; C Prakasa Rao; Jaideep Gera; Vuyyuru Lakshma Reddy; Nagendar Yamsani

doi:10.1038/s41598-025-24459-w

CyberDetect MLP a big data enabled optimized deep learning framework for scalable cyberattack detection in IoT environments

Sci Rep. 2025 Nov 19;15(1):40865. doi: 10.1038/s41598-025-24459-w.

Authors

Talluri Upender¹, M Neelakantappa², C Prakasa Rao³, Jaideep Gera⁴, Vuyyuru Lakshma Reddy⁵, Nagendar Yamsani⁶

Affiliations

¹ Department of Computer Science and Engineering, CMR College of Engineering & Technology, Hyderabad, Telangana, India. talluri.upender@gmail.com.
² Department of IT, Vasavi College of Engineering, Hyderabad, Telangana, India.
³ Department of CSE, Bapatla Engineering College, Bapatla, Andhra Pradesh, India.
⁴ Department of Computer Science & Business Systems (CSBS), RVR & JC College of Engineering, Guntur, Andhra Pradesh, India.
⁵ Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation, Green Fileds, Vaddeswaram, Guntur, 522302, AP, India.
⁶ School of Computer Science and Artificial Intelligence, SR University, Warangal, India.

Abstract

The rapid growth in the adoption of Internet of Things (IoT) ecosystems has led to a large-scale influx of multidimensional data, highlighting vast attack surfaces that diverse types of cyber threats can exploit. However, existing traditional intrusion detection systems (IDS) and many common machine learning (ML) models do not scale very well. They are unfortunately not interpretable and unable to deal with high-dimensional significant data streams, which makes them very limited for use in large-scale IoT applications. In this paper, we propose CyberDetect-MLP, a scalable, explainable, big data-enabled, and optimized deep learning framework for IoT cyberattack detection, addressing these challenges. We present a robust framework that employs Apache Spark for distributed ingestion and preprocessing, Mutual information-based feature selection, and a multi-layer perceptron (MLP) with batch normalization, dropout, and cosine annealing scheduling to improve performance and generalization. To enhance transparency and ensure trust from the administrator, an optional explainable AI (XAI) module is added utilizing Grad-CAM and SHAP. Extensive experiments on the full TON_IoT dataset show that CyberDetect-MLP outperforms the baselines of Random Forest, XGBoost, and vanilla MLP with an accuracy of 98.87% and a ROC-AUC of 99.10%. Ablation studies and explainability evaluations further corroborate the framework's robustness and the trustworthiness of the results. In contrast to existing methodologies, the proposed paradigm closes the gap between big data analytics and interpretable deep learning in cybersecurity to provide an end-to-end IDS approach specifically targeting real-time smart city, industrial IoT, and critical infrastructure applications. To ensure reproducibility and transparency, the complete implementation of the proposed CyberDetect-MLP framework, including data preprocessing, model training, and evaluation scripts, is publicly available at https://github.com/upender0123/CyberDetect-MLP .

Keywords: Big data analytics; Cyberattack detection; Deep learning; Intrusion detection system; IoT security.