Detecting Botnet Nodes via Structural Node Representation Learning

Justin Carpenter, Janet Layne, Edoardo Serra, Alfredo Cuzzocrea

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

Abstract

Botnets are an ever-growing threat to private users, small companies, and even large corporations. They are known for spamming, mass downloads, and launching distributed denial-of-service (DDoS) attacks that have a destructive impact on large corporations. With the rise of internet-of-things (IoT) devices, they are also used to mine cryptocurrency, intercept data in transit, and send logs containing sensitive information to the master botnet. Many approaches have been developed to detect botnet activities. A few approaches employ graph neural networks (GNNs) to analyze the behavior of hosts using a directed graph to represent their communications. However, while designed to capture structural graph properties, GNNs may overfit, and therefore fail to capture these properties when the network is unknown. In this work we hypothesize that structural graph patterns can be used to effectively detect botnets. We then propose a structural iterative representation learning approach for graph nodes, called Inferential SIR-GN, which is designed to perform well on unseen data. Our model creates a vector representation for each node that epitomizes its structural information. We demonstrate that this set of node representation vectors can be used with a neural network classifier to identify bot nodes within an unknown network with better performance than the current state-of-the-art GNN-based method.

Original language: American English
Title of host publication: 2021 IEEE International Conference on Big Data (Big Data)
State: Published - 1 Jan 2021

Keywords

  • botnet detection
  • machine learning
  • structural graph representation learning

EGS Disciplines

  • Computer Sciences
