Abstract
Botnets have become the infrastructure of cryptocurrency in recent years, but traditional graph-based detection methods ignore multiple flows and their features. We propose ME-LGCN, a botnet detection method that performs node classification on a fine-grained multilateral attribute graph (fMAG). In fMAG, multiple flows and their features are appended to the simple graph of the network topology as multilateral structures and attributes. A Latent Graph Convolutional Neural Network (Latent-GCN) performs the node classification: multi-edge embedding learns the multilateral attributes as an interaction vector, direct on-vertex embedding extends the node representation, and the GCN aggregates information from neighborhoods. Experiments on real datasets show that ME-LGCN improves significantly on other methods, with a more than 3% improvement in F1.
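An added illustration of the graph construction the abstract describes (not code from the paper or its authors): every flow is kept as its own parallel edge, each bundle of parallel edges is reduced to one interaction vector, and node features are smoothed over neighbours. Assumptions: the flow records are constructed; a fixed mean-pool of log-scaled features plus a flow count stands in for the learned multi-edge embedding; node features averaged from incident edges stand in for on-vertex embedding; the propagation is the standard symmetric-normalised GCN step without trained weights.

```python
import math
from collections import defaultdict

# Constructed flow records: (src, dst, duration_s, bytes, packets).
FLOWS = [
    ("10.0.0.5", "10.0.0.9", 0.2, 120, 2),
    ("10.0.0.5", "10.0.0.9", 0.4, 140, 2),
    ("10.0.0.5", "10.0.0.7", 0.2, 100, 2),
    ("10.0.0.9", "10.0.0.7", 0.3, 130, 3),
    ("10.0.0.2", "10.0.0.9", 30.0, 90000, 80),
]

def build_fmag(flows):
    """Keep every flow as its own parallel edge instead of merging flows per host pair."""
    edges = defaultdict(list)
    for src, dst, *feat in flows:
        edges[tuple(sorted((src, dst)))].append([float(x) for x in feat])
    return edges

def interaction_vectors(edges):
    """Assumed stand-in for multi-edge embedding: mean of log1p features plus flow count."""
    out = {}
    for pair, bundle in edges.items():
        mean = [sum(math.log1p(f[i]) for f in bundle) / len(bundle)
                for i in range(len(bundle[0]))]
        out[pair] = mean + [float(len(bundle))]
    return out

def on_vertex_embedding(vectors):
    """Assumed stand-in: a node's features are the mean of its incident interaction vectors."""
    acc = defaultdict(list)
    for (u, v), vec in vectors.items():
        acc[u].append(vec)
        acc[v].append(vec)
    return {n: [sum(c) / len(vs) for c in zip(*vs)] for n, vs in acc.items()}

def gcn_aggregate(vectors, node_feat):
    """One propagation step D^-1/2 (A + I) D^-1/2 X, with no trained weight matrix."""
    nbrs = {n: {n} for n in node_feat}
    for u, v in vectors:
        nbrs[u].add(v)
        nbrs[v].add(u)
    deg = {n: len(s) for n, s in nbrs.items()}
    return {n: [sum(node_feat[m][i] / math.sqrt(deg[n] * deg[m]) for m in nbrs[n])
                for i in range(len(node_feat[n]))]
            for n in node_feat}
```

A simple topology graph would record only that 10.0.0.5 and 10.0.0.9 are connected; here the pair keeps both flows, and the flow count and per-flow statistics survive into the node features that the aggregation step propagates.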
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Cheng, H., Shen, Y., Cheng, T., Fang, Y., Ling, J. (2021). Botnet Detection Based on Multilateral Attribute Graph. In: Lu, W., Sun, K., Yung, M., Liu, F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science, vol 13005. Springer, Cham. https://doi.org/10.1007/978-3-030-89137-4_5
DOI: https://doi.org/10.1007/978-3-030-89137-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89136-7
Online ISBN: 978-3-030-89137-4
eBook Packages: Computer Science (R0)