The article presents a method for detecting IoT botnet attacks with deep autoencoders. It targets the last operational step of a botnet, launching the attack, rather than the earlier propagation and infection stages. Statistical features are extracted from snapshots of each device's network traffic, and one autoencoder per device is trained on that device's benign traffic only; at run time, a snapshot whose reconstruction error exceeds a threshold learned from the benign data is flagged as anomalous, which indicates the device has been compromised. The method is network-based: it observes traffic on the network rather than on the devices, so it places no extra computation, memory or energy demands on the IoT devices themselves, which makes it suitable for large-scale deployment in enterprises.
The authors evaluated the method by infecting nine commercial IoT devices with two well-known botnets, Mirai and BASHLITE, and analysing the resulting traffic. The method detected the attacks accurately and almost immediately as they were launched, with a high true positive rate (TPR) and a low false positive rate (FPR), and it outperformed three other anomaly detection algorithms on both measures. Detection took less than a second, far shorter than the duration of a typical DDoS flood, leaving time to isolate the compromised device.
The method's key advantages are that it copes with the heterogeneity of IoT devices (each device gets its own model of its own normal behaviour), that it takes an open-world approach (trained only on benign traffic, it flags any deviation rather than matching known malware signatures, so it can catch new botnet behaviours), and that it is efficient in computation, memory and energy consumption. Because the features are statistics of the traffic rather than its content, detection still works when the communication channels are encrypted, and because it watches the attack stage, it does not depend on how the botnet propagated, however sophisticated the propagation technique. A practical consequence of training on benign traffic is that each device must actually be clean during its training period, and the threshold choice sets the trade-off between TPR and FPR.
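As an added worked example (not the authors' code, dataset or parameters), the following standard-library Python script sketches the pipeline described above: per-device statistical features from packet headers, an autoencoder trained on benign snapshots only, a threshold derived from benign reconstruction error, and a majority vote over consecutive snapshots before raising an alarm. A tiny 4-2-4 autoencoder stands in for the paper's deep autoencoders; the traffic, the feature set (packet count, mean and standard deviation of packet size, outbound fraction per one-second window), the device and attack profiles, and the threshold rule are all constructed assumptions. Because the features use only sizes, timing and direction, payload encryption does not change them.

```python
"""Added illustration of an N-BaIoT-style detector (not the authors' code).
Pipeline: per-device header statistics -> autoencoder trained on benign
snapshots only -> threshold from benign reconstruction error -> majority vote.
All traffic below is constructed synthetically; every number is an assumption."""
import math
import random
import statistics


# --- 1. Constructed packet logs: (timestamp, size_bytes, outbound) ----------
def gen_packets(rng, seconds, rate, mean_size, size_sd, out_frac):
    """Synthetic packet log for one device: exponential inter-arrivals at
    `rate` packets/s, Gaussian sizes, Bernoulli direction. Header data only."""
    pkts, t = [], 0.0
    while True:
        t += rng.expovariate(rate)
        if t >= seconds:
            break
        size = max(40, int(rng.gauss(mean_size, size_sd)))
        pkts.append((t, size, rng.random() < out_frac))
    return pkts


# --- 2. Statistical features per 1 s snapshot (assumed feature set) ----------
def _summarise(bucket):
    sizes = [s for s, _ in bucket]
    sd = statistics.pstdev(sizes) if len(sizes) > 1 else 0.0
    return [float(len(bucket)), statistics.fmean(sizes), sd,
            sum(1 for _, o in bucket if o) / len(bucket)]


def window_features(pkts, win=1.0):
    """[count, mean size, size std-dev, outbound fraction] per window.
    Empty windows are skipped; each row is one traffic 'snapshot'."""
    feats, bucket, start = [], [], 0.0
    for t, size, out in sorted(pkts):
        while t >= start + win:          # close finished windows
            if bucket:
                feats.append(_summarise(bucket))
            bucket, start = [], start + win
        bucket.append((size, out))
    if bucket:
        feats.append(_summarise(bucket))
    return feats


class Standardizer:
    """Per-feature z-scoring, fitted on the benign training snapshots only."""
    def fit(self, X):
        cols = list(zip(*X))
        self.mu = [statistics.fmean(c) for c in cols]
        self.sd = [statistics.pstdev(c) or 1.0 for c in cols]
        return self

    def transform(self, X):
        return [[(v - m) / s for v, m, s in zip(x, self.mu, self.sd)] for x in X]


# --- 3. Toy autoencoder: n_in -> n_hidden (tanh) -> n_in (linear), MSE loss --
class TinyAutoencoder:
    def __init__(self, n_in, n_hidden, rng):
        s = 1.0 / math.sqrt(n_in)
        self.W1 = [[rng.uniform(-s, s) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.W2 = [[rng.uniform(-s, s) for _ in range(n_hidden)] for _ in range(n_in)]
        self.b2 = [0.0] * n_in

    def forward(self, x):
        h = [math.tanh(sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.W1, self.b1)]
        y = [sum(w * hj for w, hj in zip(row, h)) + b
             for row, b in zip(self.W2, self.b2)]
        return h, y

    def mse(self, x):
        """Reconstruction error: the anomaly score of one snapshot."""
        _, y = self.forward(x)
        return sum((yi - xi) ** 2 for yi, xi in zip(y, x)) / len(x)

    def train(self, X, rng, epochs=60, lr=0.01):
        """Plain SGD with hand-written backprop; benign snapshots only."""
        idx = list(range(len(X)))
        for _ in range(epochs):
            rng.shuffle(idx)
            for n in idx:
                x = X[n]
                h, y = self.forward(x)
                dy = [2 * (yi - xi) / len(x) for yi, xi in zip(y, x)]
                dh = [(1 - hj * hj) * sum(self.W2[k][j] * dy[k] for k in range(len(dy)))
                      for j, hj in enumerate(h)]
                for k in range(len(dy)):
                    for j in range(len(h)):
                        self.W2[k][j] -= lr * dy[k] * h[j]
                    self.b2[k] -= lr * dy[k]
                for j in range(len(h)):
                    for i in range(len(x)):
                        self.W1[j][i] -= lr * dh[j] * x[i]
                    self.b1[j] -= lr * dh[j]


# --- 4. Threshold and windowed decision ------------------------------------
def fit_threshold(model, Z, k=3.0):
    """Assumed rule: mean + k * std of benign reconstruction errors."""
    errs = [model.mse(z) for z in Z]
    return statistics.fmean(errs) + k * statistics.pstdev(errs)


def detect(model, threshold, Z, ws=5):
    """Per-snapshot flags, then a majority vote over the last `ws` flags so a
    single noisy snapshot does not raise an alarm on its own."""
    raw = [model.mse(z) > threshold for z in Z]
    smoothed = []
    for i in range(len(raw)):
        w = raw[max(0, i - ws + 1): i + 1]
        smoothed.append(sum(w) * 2 > len(w))
    return raw, smoothed


def run_demo(seed=7):
    rng = random.Random(seed)
    # Assumed benign profile: a camera at ~10 pkt/s, ~900-byte frames, 90% outbound.
    train = window_features(gen_packets(rng, 300, 10, 900, 30, 0.9))
    benign_test = window_features(gen_packets(rng, 200, 10, 900, 30, 0.9))
    # Assumed attack profile: flood at ~2000 pkt/s of ~60-byte packets, all outbound.
    attack = window_features(gen_packets(rng, 20, 2000, 60, 5, 1.0))

    scaler = Standardizer().fit(train)
    Ztrain = scaler.transform(train)
    model = TinyAutoencoder(4, 2, rng)
    model.train(Ztrain, rng)
    threshold = fit_threshold(model, Ztrain)

    raw_b, sm_b = detect(model, threshold, scaler.transform(benign_test))
    _, sm_a = detect(model, threshold, scaler.transform(attack))
    return {"threshold": threshold,
            "n_benign": len(sm_b), "n_attack": len(sm_a),
            "fpr_raw": sum(raw_b) / len(raw_b),   # before the majority vote
            "fpr": sum(sm_b) / len(sm_b),         # after the majority vote
            "tpr": sum(sm_a) / len(sm_a)}


if __name__ == "__main__":
    print(run_demo())
```

Every attack snapshot lands hundreds of standard deviations from the benign profile on the count and size features, so its reconstruction error dwarfs a threshold of a few units, while benign test snapshots stay near the training error distribution; the majority vote then removes the occasional isolated benign outlier. Swapping the toy network for a real deep autoencoder changes only step 3.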
The authors also examined the relationship between traffic predictability and detection performance, and found that devices with more predictable traffic patterns are easier to monitor for anomalies. They plan to investigate this relationship further and to explore transfer learning as a way of improving detection accuracy across different IoT devices and networks. The study underlines the need for robust, automated detection of IoT botnet attacks, which are becoming more common as the number of deployed IoT devices grows rapidly.