Botnet Detection Method Based on Graph Reconstruction and Subgraph Mining
To address the difficulty of detecting disguised botnet hosts, a botnet detection method based on graph reconstruction and subgraph mining (GR-SGM) was proposed. First, network data was converted into graph data, which was then reconstructed to enhance the feature representation of host nodes. Next, a botnet subgraph scoring function was designed based on the topological structure, node characteristics, and position changes in the reconstructed graph. In this way, the camouflaged features were captured and the botnet subgraph was extracted, and pre-detection was performed on the original and reconstructed graphs to improve detection accuracy and efficiency, reducing reconstruction errors. Finally, the pre-detection results and botnet subgraphs were comprehensively scored to obtain complete botnet information. Experimental results on the ISCX2014 botnet dataset and the CICIDS2017 botnet dataset showed that the detection accuracy of GR-SGM was 99.98% and 99.91%, respectively, and the F1 score reached 99.94% and 99.65%, respectively. Compared with other botnet detection models, GR-SGM could identify botnet nodes more efficiently and accurately, while having a lower false alarm rate.