Automated Botnet Detection Method Based on Two-Stage Graph Learning
Botnets have become one of the most serious threats to network infrastructure. Existing botnet detection methods rely heavily on feature engineering, which significantly limits their detection performance in real-world environments. Botnet detection methods based on raw traffic have an advantage in this respect, especially when graphs and raw traffic are combined to improve the identification of abnormal botnet behaviour, which is the focus of this study. This paper proposes an automated botnet detection method based on two-stage graph learning, called Graph2BotNet. The approach constructs a flow graph from the interaction packets of each bidirectional network flow and builds a communication graph from the communication topology between IP addresses. A graph isomorphism network (GIN) model learns a vector representation of each flow graph; that vector is embedded into the corresponding node of the communication graph and then passed to the second-stage graph neural network model, which classifies the nodes. Graph2BotNet uses the graph structure to extract flow graph features automatically and, without requiring extensive expert-designed features, combines graph neural network models in two-stage graph learning for fast and accurate botnet detection. Experimental results on the ISCX-2014, CTU-13 and CICIDS2017 botnet datasets show that Graph2BotNet outperforms current state-of-the-art methods.
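The two-stage representation described above, as an added illustration that is not code from the paper: constructed packet records are grouped into bidirectional flows, each flow becomes a flow graph, each flow graph is summarised into a vector (a hand-computed stand-in for the GIN encoder, since the abstract gives no training details), and those vectors populate a communication graph whose nodes are IP addresses. The choice of packets as flow-graph nodes with time-ordered edges, the statistics used in place of the learned embedding, and mean aggregation onto IP nodes are all assumptions.

```python
from collections import defaultdict

# Constructed sample packets (timestamp, src_ip, dst_ip, length); hypothetical values.
PACKETS = [
    (0.00, "10.0.0.5", "203.0.113.9", 120),
    (0.01, "203.0.113.9", "10.0.0.5", 60),
    (0.02, "10.0.0.5", "203.0.113.9", 400),
    (0.10, "10.0.0.7", "203.0.113.9", 120),
    (0.11, "203.0.113.9", "10.0.0.7", 60),
    (0.50, "10.0.0.5", "198.51.100.2", 900),
    (0.52, "198.51.100.2", "10.0.0.5", 1400),
]

def flow_key(src, dst):
    """Bidirectional flow id: order the endpoints so both directions share one key."""
    return tuple(sorted((src, dst)))

def build_flow_graphs(packets):
    """Stage 1 input: one graph per bidirectional flow. Nodes are packets (length,
    direction); edges join consecutive packets in time order (assumed layout)."""
    flows = defaultdict(list)
    for ts, src, dst, length in sorted(packets):
        key = flow_key(src, dst)
        flows[key].append({"len": length, "dir": 0 if src == key[0] else 1})
    return {key: {"nodes": nodes, "edges": [(i, i + 1) for i in range(len(nodes) - 1)]}
            for key, nodes in flows.items()}

def embed_flow_graph(graph):
    """Stand-in for the GIN encoder: a fixed-size vector summarising the flow graph.
    A real GIN learns this from node features and edges; hand-computed statistics are
    used here so the example runs without a deep-learning framework (assumption)."""
    nodes = graph["nodes"]
    n = len(nodes)
    fwd = sum(1 for v in nodes if v["dir"] == 0)
    total_len = sum(v["len"] for v in nodes)
    return [n, fwd / n, total_len / n, len(graph["edges"])]

def build_communication_graph(packets):
    """Stage 2 input: nodes are IPs, edges are bidirectional flows carrying their
    stage-1 embedding; each IP node averages the embeddings of its flows, giving the
    node features a second-stage GNN would classify."""
    edge_emb = {key: embed_flow_graph(g) for key, g in build_flow_graphs(packets).items()}
    node_vecs = defaultdict(list)
    for (a, b), vec in edge_emb.items():
        node_vecs[a].append(vec)
        node_vecs[b].append(vec)
    node_feat = {ip: [sum(col) / len(vecs) for col in zip(*vecs)]
                 for ip, vecs in node_vecs.items()}
    return {"edges": edge_emb, "node_features": node_feat}
```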