Abstract

Internet of Things (IoT) networks are increasingly targeted by advanced botnet attacks, posing serious risks to security and system stability. However, many existing intrusion detection systems (IDS) struggle to balance detection accuracy, real-time efficiency, and interpretability—especially in resource-constrained environments. In this paper, we introduce GELAX, a novel detection framework that combines Graph Neural Networks (GNNs), Dynamic Graph Pruning, and Anchored Explainable AI to address these challenges. GELAX dynamically simplifies graph structures to reduce computational load, while still capturing meaningful device interactions. Its integrated explainability component highlights key features driving detection decisions with minimal overhead, supporting analyst trust and model transparency. Evaluations on two benchmark datasets—N-BaIoT and UNSW Bot-IoT—demonstrate that GELAX achieves high detection accuracy (95.9% and 96.9%), reduces CPU and memory usage by over 45%, and improves explanation alignment (faithfulness) by 22.5%. These results highlight GELAX as a robust, efficient, and interpretable solution for securing modern IoT systems.
Esmaeilyfard et al. (Tue,) studied this question.