This paper proposes a novel network-based anomaly detection method using deep autoencoders to detect IoT botnet attacks. The method extracts behavior snapshots of network traffic and uses deep autoencoders to detect anomalous traffic from compromised IoT devices. The approach is evaluated by infecting nine commercial IoT devices with two well-known botnets, Mirai and BASHLITE. The results show that the method can accurately and instantly detect attacks as they are launched from compromised devices.
The method is designed to detect the final operational step of botnet attacks, which is launching cyberattacks. It uses deep autoencoders to learn the normal behavior of IoT devices and detect anomalies when the device's behavior deviates from the learned patterns. The method is highly effective in detecting both known and unknown botnet behaviors, and it is efficient in terms of computation, memory, and energy usage, as it does not require processing on the IoT devices themselves.
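The train-on-benign, flag-on-deviation idea described above, as an added example that is not the paper's code. It assumes a single tanh bottleneck layer in pure Python in place of a deep autoencoder, three constructed traffic features, and a threshold of mean plus one standard deviation of the reconstruction error on held-out benign snapshots.

```python
import math, random, statistics

def forward(model, x):  # returns (hidden activations, reconstruction)
    W1, b1, W2, b2 = model
    h = [math.tanh(sum(w * v for w, v in zip(row, x)) + b) for row, b in zip(W1, b1)]
    y = [sum(w * v for w, v in zip(row, h)) + b for row, b in zip(W2, b2)]
    return h, y

def train(data, hidden=1, epochs=100, lr=0.05, seed=0):  # plain SGD on benign data only
    rng, n = random.Random(seed), len(data[0])
    W1 = [[rng.uniform(-0.1, 0.1) for _ in range(n)] for _ in range(hidden)]
    W2 = [[rng.uniform(-0.1, 0.1) for _ in range(hidden)] for _ in range(n)]
    b1, b2 = [0.0] * hidden, [0.0] * n
    model = (W1, b1, W2, b2)
    for _ in range(epochs):
        for x in data:
            h, y = forward(model, x)
            dy = [2 * (y[i] - x[i]) / n for i in range(n)]  # d(MSE)/d(output)
            dh = [sum(dy[i] * W2[i][j] for i in range(n)) * (1 - h[j] ** 2) for j in range(hidden)]
            for i in range(n):
                b2[i] -= lr * dy[i]
                for j in range(hidden):
                    W2[i][j] -= lr * dy[i] * h[j]
            for j in range(hidden):
                b1[j] -= lr * dh[j]
                for k in range(n):
                    W1[j][k] -= lr * dh[j] * x[k]
    return model

def mse(model, x):  # reconstruction error, used as the anomaly score
    return sum((a - b) ** 2 for a, b in zip(x, forward(model, x)[1])) / len(x)

def snapshots(rng, count, attack=False):
    """Constructed data: [packet rate, mean packet size, distinct destinations], scaled to [0, 1]."""
    rows = []
    for _ in range(count):
        t = rng.random()  # benign devices move along one correlated operating curve
        base = [0.95, 0.05, 0.9] if attack else [0.2 + 0.3 * t, 0.8 - 0.3 * t, 0.1 + 0.1 * t]
        rows.append([v + rng.gauss(0, 0.01) for v in base])
    return rows

def evaluate(seed=1):
    rng = random.Random(seed)
    model = train(snapshots(rng, 200))                      # learn normal behavior
    val = [mse(model, x) for x in snapshots(rng, 100)]      # held-out benign errors
    thr = statistics.mean(val) + statistics.pstdev(val)     # assumed threshold rule
    fpr = sum(mse(model, x) > thr for x in snapshots(rng, 100)) / 100
    tpr = sum(mse(model, x) > thr for x in snapshots(rng, 50, attack=True)) / 50
    return thr, fpr, tpr

if __name__ == "__main__":
    print("threshold=%.5f benign_flagged=%.2f attack_flagged=%.2f" % evaluate())
```

A threshold this tight flags a share of individual benign snapshots, so a deployment would normally smooth per-snapshot decisions before alerting.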
The method is network-based, which means it does not consume resources from the IoT devices, making it suitable for constrained environments. It is also able to handle the heterogeneity of IoT devices and is effective in detecting attacks even when the communication channels are encrypted. The method is evaluated using real traffic data from infected IoT devices, which provides more realistic results compared to simulated data.
The method is compared with three other anomaly detection algorithms (LOF, One-Class SVM, and Isolation Forest) and shows superior performance in terms of detection accuracy, false positive rate, and detection time. The deep autoencoders are able to detect all attacks launched by compromised IoT devices, with a very low false positive rate. The method is also efficient in terms of detection time, often detecting attacks in less than a second.
The paper concludes that the proposed method is effective in detecting IoT botnet attacks and is a promising approach for network-based anomaly detection in IoT environments. The method is able to detect both known and unknown botnet behaviors and is efficient in terms of computation, memory, and energy usage. The method is also able to handle the heterogeneity of IoT devices and is effective in detecting attacks even when the communication channels are encrypted. The method is evaluated using real traffic data from infected IoT devices, which provides more realistic results compared to simulated data.