Structural Node Representation Learning for Detecting Botnet Nodes

Justin Carpenter; Janet Layne; Edoardo Serra; Alfredo Cuzzocrea; Carmine Gallo

doi:10.1007/978-3-031-36805-9_47

Structural Node Representation Learning for Detecting Botnet Nodes

Justin Carpenter, Janet Layne, Edoardo Serra, Alfredo Cuzzocrea, Carmine Gallo

Computer Science Department

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Private consumers, small businesses, and even large enterprises are all more at risk from botnets. These botnets are known for spearheading Distributed Denial-Of-Service (DDoS) attacks, spamming large populations of users, and causing critical harm to major organizations. The development of Internet-of-Things (IoT) devices led to the use of these devices for cryptocurrency mining, in transit data interception, and sending logs containing private data to the master botnet. Different techniques have been developed to identify these botnet activities, but only a few use Graph Neural Networks (GNNs) to analyze host activity by representing their communications with a directed graph. Although GNNs are intended to extract structural graph properties, they risk to cause overfitting, which leads to failure when attempting to do so from an unidentified network. In this study, we test the notion that structural graph patterns might be used for efficient botnet detection. In this study, we also present SIR-GN, a structural iterative representation learning methodology for graph nodes. Our approach is built to work well with untested data, and our model is able to provide a vector representation for every node that captures its structural information. Finally, we demonstrate that, when the collection of node representation vectors is incorporated into a neural network classifier, our model outperforms the state-of-the-art GNN based algorithms in the detection of bot nodes within unknown networks.

Original language	English
Title of host publication	Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings
Editors	Osvaldo Gervasi, Beniamino Murgante, David Taniar, Bernady O. Apduhan, Ana Cristina Braga, Chiara Garau, Anastasia Stratigea
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	731-743
Number of pages	13
ISBN (Print)	9783031368042
DOIs	https://doi.org/10.1007/978-3-031-36805-9_47
State	Published - 2023
Event	23rd International Conference on Computational Science and Its Applications , ICCSA 2023 - Athens, Greece Duration: 3 Jul 2023 → 6 Jul 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13956 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd International Conference on Computational Science and Its Applications , ICCSA 2023
Country/Territory	Greece
City	Athens
Period	3/07/23 → 6/07/23

Keywords

Botnet Detection
Machine Learning

Access to Document

10.1007/978-3-031-36805-9_47

Cite this

Carpenter, J., Layne, J., Serra, E., Cuzzocrea, A., & Gallo, C. (2023). Structural Node Representation Learning for Detecting Botnet Nodes. In O. Gervasi, B. Murgante, D. Taniar, B. O. Apduhan, A. C. Braga, C. Garau, & A. Stratigea (Eds.), Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings (pp. 731-743). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13956 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-36805-9_47

Carpenter, Justin ; Layne, Janet ; Serra, Edoardo et al. / Structural Node Representation Learning for Detecting Botnet Nodes. Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings. editor / Osvaldo Gervasi ; Beniamino Murgante ; David Taniar ; Bernady O. Apduhan ; Ana Cristina Braga ; Chiara Garau ; Anastasia Stratigea. Springer Science and Business Media Deutschland GmbH, 2023. pp. 731-743 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b555bd419f90446587ffa6c1e6b30f54,

title = "Structural Node Representation Learning for Detecting Botnet Nodes",

abstract = "Private consumers, small businesses, and even large enterprises are all more at risk from botnets. These botnets are known for spearheading Distributed Denial-Of-Service (DDoS) attacks, spamming large populations of users, and causing critical harm to major organizations. The development of Internet-of-Things (IoT) devices led to the use of these devices for cryptocurrency mining, in transit data interception, and sending logs containing private data to the master botnet. Different techniques have been developed to identify these botnet activities, but only a few use Graph Neural Networks (GNNs) to analyze host activity by representing their communications with a directed graph. Although GNNs are intended to extract structural graph properties, they risk to cause overfitting, which leads to failure when attempting to do so from an unidentified network. In this study, we test the notion that structural graph patterns might be used for efficient botnet detection. In this study, we also present SIR-GN, a structural iterative representation learning methodology for graph nodes. Our approach is built to work well with untested data, and our model is able to provide a vector representation for every node that captures its structural information. Finally, we demonstrate that, when the collection of node representation vectors is incorporated into a neural network classifier, our model outperforms the state-of-the-art GNN based algorithms in the detection of bot nodes within unknown networks.",

keywords = "Botnet Detection, Machine Learning",

author = "Justin Carpenter and Janet Layne and Edoardo Serra and Alfredo Cuzzocrea and Carmine Gallo",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 23rd International Conference on Computational Science and Its Applications , ICCSA 2023 ; Conference date: 03-07-2023 Through 06-07-2023",

year = "2023",

doi = "10.1007/978-3-031-36805-9_47",

language = "English",

isbn = "9783031368042",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "731--743",

editor = "Osvaldo Gervasi and Beniamino Murgante and David Taniar and Apduhan, {Bernady O.} and Braga, {Ana Cristina} and Chiara Garau and Anastasia Stratigea",

booktitle = "Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings",

address = "Germany",

}

Carpenter, J, Layne, J, Serra, E, Cuzzocrea, A & Gallo, C 2023, Structural Node Representation Learning for Detecting Botnet Nodes. in O Gervasi, B Murgante, D Taniar, BO Apduhan, AC Braga, C Garau & A Stratigea (eds), Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13956 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 731-743, 23rd International Conference on Computational Science and Its Applications , ICCSA 2023, Athens, Greece, 3/07/23. https://doi.org/10.1007/978-3-031-36805-9_47

Structural Node Representation Learning for Detecting Botnet Nodes. / Carpenter, Justin; Layne, Janet; Serra, Edoardo et al.
Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings. ed. / Osvaldo Gervasi; Beniamino Murgante; David Taniar; Bernady O. Apduhan; Ana Cristina Braga; Chiara Garau; Anastasia Stratigea. Springer Science and Business Media Deutschland GmbH, 2023. p. 731-743 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13956 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Structural Node Representation Learning for Detecting Botnet Nodes

AU - Carpenter, Justin

AU - Layne, Janet

AU - Serra, Edoardo

AU - Cuzzocrea, Alfredo

AU - Gallo, Carmine

PY - 2023

Y1 - 2023

N2 - Private consumers, small businesses, and even large enterprises are all more at risk from botnets. These botnets are known for spearheading Distributed Denial-Of-Service (DDoS) attacks, spamming large populations of users, and causing critical harm to major organizations. The development of Internet-of-Things (IoT) devices led to the use of these devices for cryptocurrency mining, in transit data interception, and sending logs containing private data to the master botnet. Different techniques have been developed to identify these botnet activities, but only a few use Graph Neural Networks (GNNs) to analyze host activity by representing their communications with a directed graph. Although GNNs are intended to extract structural graph properties, they risk to cause overfitting, which leads to failure when attempting to do so from an unidentified network. In this study, we test the notion that structural graph patterns might be used for efficient botnet detection. In this study, we also present SIR-GN, a structural iterative representation learning methodology for graph nodes. Our approach is built to work well with untested data, and our model is able to provide a vector representation for every node that captures its structural information. Finally, we demonstrate that, when the collection of node representation vectors is incorporated into a neural network classifier, our model outperforms the state-of-the-art GNN based algorithms in the detection of bot nodes within unknown networks.

AB - Private consumers, small businesses, and even large enterprises are all more at risk from botnets. These botnets are known for spearheading Distributed Denial-Of-Service (DDoS) attacks, spamming large populations of users, and causing critical harm to major organizations. The development of Internet-of-Things (IoT) devices led to the use of these devices for cryptocurrency mining, in transit data interception, and sending logs containing private data to the master botnet. Different techniques have been developed to identify these botnet activities, but only a few use Graph Neural Networks (GNNs) to analyze host activity by representing their communications with a directed graph. Although GNNs are intended to extract structural graph properties, they risk to cause overfitting, which leads to failure when attempting to do so from an unidentified network. In this study, we test the notion that structural graph patterns might be used for efficient botnet detection. In this study, we also present SIR-GN, a structural iterative representation learning methodology for graph nodes. Our approach is built to work well with untested data, and our model is able to provide a vector representation for every node that captures its structural information. Finally, we demonstrate that, when the collection of node representation vectors is incorporated into a neural network classifier, our model outperforms the state-of-the-art GNN based algorithms in the detection of bot nodes within unknown networks.

KW - Botnet Detection

KW - Machine Learning

UR - http://www.scopus.com/inward/record.url?scp=85164960805&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-36805-9_47

DO - 10.1007/978-3-031-36805-9_47

M3 - Conference contribution

AN - SCOPUS:85164960805

SN - 9783031368042

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 731

EP - 743

BT - Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings

A2 - Gervasi, Osvaldo

A2 - Murgante, Beniamino

A2 - Taniar, David

A2 - Apduhan, Bernady O.

A2 - Braga, Ana Cristina

A2 - Garau, Chiara

A2 - Stratigea, Anastasia

PB - Springer Science and Business Media Deutschland GmbH

T2 - 23rd International Conference on Computational Science and Its Applications , ICCSA 2023

Y2 - 3 July 2023 through 6 July 2023

ER -

Carpenter J, Layne J, Serra E, Cuzzocrea A, Gallo C. Structural Node Representation Learning for Detecting Botnet Nodes. In Gervasi O, Murgante B, Taniar D, Apduhan BO, Braga AC, Garau C, Stratigea A, editors, Computational Science and Its Applications – ICCSA 2023 - 23rd International Conference, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 731-743. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-36805-9_47

Structural Node Representation Learning for Detecting Botnet Nodes

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this