Detecting Botnet Nodes via Structural Node Representation Learning

Justin Carpenter; Janet Layne; Edoardo Serra; Alfredo Cuzzocrea

doi:10.1109/BigData52589.2021.9671728

Detecting Botnet Nodes via Structural Node Representation Learning

Justin Carpenter, Janet Layne, Edoardo Serra, Alfredo Cuzzocrea

Computer Science Department

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

11 Scopus citations

Abstract

Botnets are an ever-growing threat to private users, small companies, and even large corporations. They are known for spamming, mass downloads, and launching distributed denial-of-service (DDoS) attacks that have a destructive impact on large corporations. With the rise of internet-of-things (IoT) devices, they are also used to mine cryptocurrency, intercept data in transit and send logs containing sensitive information to the master botnet. Many approaches have been developed to detect botnet activities. A few approaches employ graph neural networks (GNN) to analyze the behavior of hosts using a directed graph to represent their communications. However, while designed to capture structural graph properties, GNN may overfit, and therefore fail to capture these properties when the network is unknown. In this work we hypothesize that structural graph patterns can be used to effectively detect Botnets. We then propose a structural iterative representation learning approach for graph nodes, which is designed to perform well on unseen data, called Inferential SIR-GN. Our model creates a vector representation for each node that epitomizes its structural information. We demonstrate that this set of node representation vectors can be used with a neural network classifier to identify bot nodes within an unknown network with better performance than the current state-of-the-art GNN based method.

Original language	American English
Title of host publication	Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021
Editors	Yixin Chen, Heiko Ludwig, Yicheng Tu, Usama Fayyad, Xingquan Zhu, Xiaohua Tony Hu, Suren Byna, Xiong Liu, Jianping Zhang, Shirui Pan, Vagelis Papalexakis, Jianwu Wang, Alfredo Cuzzocrea, Carlos Ordonez
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	5357-5364
Number of pages	8
ISBN (Electronic)	9781665439022
DOIs	https://doi.org/10.1109/BigData52589.2021.9671728
State	Published - 2021
Event	2021 IEEE International Conference on Big Data, Big Data 2021 - Virtual, Online, United States Duration: 15 Dec 2021 → 18 Dec 2021

Publication series

Name	Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

Conference

Conference	2021 IEEE International Conference on Big Data, Big Data 2021
Country/Territory	United States
City	Virtual, Online
Period	15/12/21 → 18/12/21

Keywords

Botnet Detection
Machine Learning
Structural Graph Representation Learning

EGS Disciplines

Computer Sciences

Access to Document

10.1109/BigData52589.2021.9671728

https://doi.org/10.1109/BigData52589.2021.9671728

Cite this

Carpenter, J., Layne, J., Serra, E., & Cuzzocrea, A. (2021). Detecting Botnet Nodes via Structural Node Representation Learning. In Y. Chen, H. Ludwig, Y. Tu, U. Fayyad, X. Zhu, X. T. Hu, S. Byna, X. Liu, J. Zhang, S. Pan, V. Papalexakis, J. Wang, A. Cuzzocrea, & C. Ordonez (Eds.), Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021 (pp. 5357-5364). (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData52589.2021.9671728

Carpenter, Justin ; Layne, Janet ; Serra, Edoardo et al. / Detecting Botnet Nodes via Structural Node Representation Learning. Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. editor / Yixin Chen ; Heiko Ludwig ; Yicheng Tu ; Usama Fayyad ; Xingquan Zhu ; Xiaohua Tony Hu ; Suren Byna ; Xiong Liu ; Jianping Zhang ; Shirui Pan ; Vagelis Papalexakis ; Jianwu Wang ; Alfredo Cuzzocrea ; Carlos Ordonez. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 5357-5364 (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021).

@inproceedings{8d905139afb74978a684eec1ceb84aa3,

title = "Detecting Botnet Nodes via Structural Node Representation Learning",

abstract = "Botnets are an ever-growing threat to private users, small companies, and even large corporations. They are known for spamming, mass downloads, and launching distributed denial-of-service (DDoS) attacks that have a destructive impact on large corporations. With the rise of internet-of-things (IoT) devices, they are also used to mine cryptocurrency, intercept data in transit and send logs containing sensitive information to the master botnet. Many approaches have been developed to detect botnet activities. A few approaches employ graph neural networks (GNN) to analyze the behavior of hosts using a directed graph to represent their communications. However, while designed to capture structural graph properties, GNN may overfit, and therefore fail to capture these properties when the network is unknown. In this work we hypothesize that structural graph patterns can be used to effectively detect Botnets. We then propose a structural iterative representation learning approach for graph nodes, which is designed to perform well on unseen data, called Inferential SIR-GN. Our model creates a vector representation for each node that epitomizes its structural information. We demonstrate that this set of node representation vectors can be used with a neural network classifier to identify bot nodes within an unknown network with better performance than the current state-of-the-art GNN based method.",

keywords = "Botnet Detection, Machine Learning, Structural Graph Representation Learning",

author = "Justin Carpenter and Janet Layne and Edoardo Serra and Alfredo Cuzzocrea",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE International Conference on Big Data, Big Data 2021 ; Conference date: 15-12-2021 Through 18-12-2021",

year = "2021",

doi = "10.1109/BigData52589.2021.9671728",

language = "American English",

series = "Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "5357--5364",

editor = "Yixin Chen and Heiko Ludwig and Yicheng Tu and Usama Fayyad and Xingquan Zhu and Hu, \{Xiaohua Tony\} and Suren Byna and Xiong Liu and Jianping Zhang and Shirui Pan and Vagelis Papalexakis and Jianwu Wang and Alfredo Cuzzocrea and Carlos Ordonez",

booktitle = "Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021",

address = "United States",

}

Carpenter, J, Layne, J, Serra, E & Cuzzocrea, A 2021, Detecting Botnet Nodes via Structural Node Representation Learning. in Y Chen, H Ludwig, Y Tu, U Fayyad, X Zhu, XT Hu, S Byna, X Liu, J Zhang, S Pan, V Papalexakis, J Wang, A Cuzzocrea & C Ordonez (eds), Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021, Institute of Electrical and Electronics Engineers Inc., pp. 5357-5364, 2021 IEEE International Conference on Big Data, Big Data 2021, Virtual, Online, United States, 15/12/21. https://doi.org/10.1109/BigData52589.2021.9671728

Detecting Botnet Nodes via Structural Node Representation Learning. / Carpenter, Justin; Layne, Janet; Serra, Edoardo et al.
Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. ed. / Yixin Chen; Heiko Ludwig; Yicheng Tu; Usama Fayyad; Xingquan Zhu; Xiaohua Tony Hu; Suren Byna; Xiong Liu; Jianping Zhang; Shirui Pan; Vagelis Papalexakis; Jianwu Wang; Alfredo Cuzzocrea; Carlos Ordonez. Institute of Electrical and Electronics Engineers Inc., 2021. p. 5357-5364 (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detecting Botnet Nodes via Structural Node Representation Learning

AU - Carpenter, Justin

AU - Layne, Janet

AU - Serra, Edoardo

AU - Cuzzocrea, Alfredo

PY - 2021

Y1 - 2021

N2 - Botnets are an ever-growing threat to private users, small companies, and even large corporations. They are known for spamming, mass downloads, and launching distributed denial-of-service (DDoS) attacks that have a destructive impact on large corporations. With the rise of internet-of-things (IoT) devices, they are also used to mine cryptocurrency, intercept data in transit and send logs containing sensitive information to the master botnet. Many approaches have been developed to detect botnet activities. A few approaches employ graph neural networks (GNN) to analyze the behavior of hosts using a directed graph to represent their communications. However, while designed to capture structural graph properties, GNN may overfit, and therefore fail to capture these properties when the network is unknown. In this work we hypothesize that structural graph patterns can be used to effectively detect Botnets. We then propose a structural iterative representation learning approach for graph nodes, which is designed to perform well on unseen data, called Inferential SIR-GN. Our model creates a vector representation for each node that epitomizes its structural information. We demonstrate that this set of node representation vectors can be used with a neural network classifier to identify bot nodes within an unknown network with better performance than the current state-of-the-art GNN based method.

AB - Botnets are an ever-growing threat to private users, small companies, and even large corporations. They are known for spamming, mass downloads, and launching distributed denial-of-service (DDoS) attacks that have a destructive impact on large corporations. With the rise of internet-of-things (IoT) devices, they are also used to mine cryptocurrency, intercept data in transit and send logs containing sensitive information to the master botnet. Many approaches have been developed to detect botnet activities. A few approaches employ graph neural networks (GNN) to analyze the behavior of hosts using a directed graph to represent their communications. However, while designed to capture structural graph properties, GNN may overfit, and therefore fail to capture these properties when the network is unknown. In this work we hypothesize that structural graph patterns can be used to effectively detect Botnets. We then propose a structural iterative representation learning approach for graph nodes, which is designed to perform well on unseen data, called Inferential SIR-GN. Our model creates a vector representation for each node that epitomizes its structural information. We demonstrate that this set of node representation vectors can be used with a neural network classifier to identify bot nodes within an unknown network with better performance than the current state-of-the-art GNN based method.

KW - Botnet Detection

KW - Machine Learning

KW - Structural Graph Representation Learning

UR - https://www.scopus.com/pages/publications/85125358632

U2 - 10.1109/BigData52589.2021.9671728

DO - 10.1109/BigData52589.2021.9671728

M3 - Conference contribution

T3 - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

SP - 5357

EP - 5364

BT - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

A2 - Chen, Yixin

A2 - Ludwig, Heiko

A2 - Tu, Yicheng

A2 - Fayyad, Usama

A2 - Zhu, Xingquan

A2 - Hu, Xiaohua Tony

A2 - Byna, Suren

A2 - Liu, Xiong

A2 - Zhang, Jianping

A2 - Pan, Shirui

A2 - Papalexakis, Vagelis

A2 - Wang, Jianwu

A2 - Cuzzocrea, Alfredo

A2 - Ordonez, Carlos

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 IEEE International Conference on Big Data, Big Data 2021

Y2 - 15 December 2021 through 18 December 2021

ER -

Carpenter J, Layne J, Serra E, Cuzzocrea A. Detecting Botnet Nodes via Structural Node Representation Learning. In Chen Y, Ludwig H, Tu Y, Fayyad U, Zhu X, Hu XT, Byna S, Liu X, Zhang J, Pan S, Papalexakis V, Wang J, Cuzzocrea A, Ordonez C, editors, Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 5357-5364. (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021). doi: 10.1109/BigData52589.2021.9671728

Detecting Botnet Nodes via Structural Node Representation Learning

Abstract

Publication series

Conference

Keywords

EGS Disciplines

Access to Document

Other files and links

Fingerprint

Cite this