The Industrial Internet of Things (IIoT) has reshaped Industry 4.0 by enabling large-scale connectivity among intelligent devices and supporting new levels of digital automation and analytics. However, the distributed nature of IIoT, together with Industrial 5G connectivity, heterogeneous sensing devices, IT/OT convergence, edge computing, and time-sensitive networking, significantly expands the attack surface. In particular, complex multi-variant persistent botnet attacks pose a severe threat to operational continuity and safety. Early and accurate detection of such attacks remains challenging due to evolving behaviors, encrypted traffic, and the limitations of signature-based detection. To address this problem, this paper proposes a hybrid deep learning-enabled approach called the Graph Constructive Localization Model (GCLM) to defend IIoT infrastructure against sophisticated botnet attacks. GCLM converts traffic sequences into graphs, learns node embeddings using Word2Vec, extracts high-level representations through graph convolution, and improves interpretability and discriminability using global attention pooling and supervised contrastive learning. The proposed model is evaluated using recent benchmark methodologies, conventional and extended performance metrics, and widely used intrusion datasets. Experimental results show that GCLM achieves a 99.9% botnet detection rate and an average detection time of 0.066 ms, outperforming existing deep learning and hybrid baselines in both accuracy and efficiency.
Gulhane et al. (Tue,) studied this question.