Botnet Detection Based on Multilateral Attribute Graph

  • Conference paper
Science of Cyber Security (SciSec 2021)

Abstract

Botnets have become the infrastructure of cryptocurrency in recent years, but traditional graph-based detection methods ignore multiple flows and their features. We propose a botnet detection method, ME-LGCN, that performs node classification on a fine-grained multilateral attribute graph (fMAG). In fMAG, multiple flows and their features are added to the simple graph of the network topology as multilateral structures and attributes. A Latent Graph Convolutional Neural Network (Latent-GCN) is used for node classification: multi-edge embedding learns the multilateral attributes as an interaction vector, direct on-vertex embedding extends the node representation, and the GCN aggregates information from neighborhoods. Experiments on real datasets show that ME-LGCN provides significant improvements over other methods, with a more than 3% improvement in F1.

Author information

Corresponding author

Correspondence to Yiquan Fang.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Cheng, H., Shen, Y., Cheng, T., Fang, Y., Ling, J. (2021). Botnet Detection Based on Multilateral Attribute Graph. In: Lu, W., Sun, K., Yung, M., Liu, F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science, vol 13005. Springer, Cham. https://doi.org/10.1007/978-3-030-89137-4_5

  • DOI: https://doi.org/10.1007/978-3-030-89137-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89136-7

  • Online ISBN: 978-3-030-89137-4

  • eBook Packages: Computer Science, Computer Science (R0)
