P2P Botnet Detection Method Based on Graph Neural Network

Cited by: 0
Authors
Lin H. [1, 2, 3]
Zhang Y. [1, 2]
Guo N. [1, 2]
Chen L. [3]
Affiliations
[1] School of Cyberspace Security, Chengdu Univ. of Info. Technol., Chengdu
[2] Advanced Cryptography and System Security Key Lab. of Sichuan Province, Chengdu
[3] Anhui Province Key Lab. of Cyberspace Security Situation Awareness and Evaluation, Hefei
Keywords
Attention mechanism; Deep learning; Graph convolution neural networks; Graph fusion; P2P botnet
DOI
10.15961/j.jsuese.202100784
Abstract
P2P botnets have become a new network attack platform because of their high concealment and robustness, and they pose an increasing threat to cyberspace security. However, existing detection methods based on rule analysis or traffic analysis cannot detect them effectively. To address the strong concealment and difficult identification of P2P botnets, a P2P botnet detection method based on a graph neural network (GNN) was proposed. The method relies on P2P botnet node interaction and network topology information for detection and does not depend on the characteristics of the traffic protocol. First, the source IP, the destination IP, the out-degree, the in-degree and the node betweenness centrality were extracted from P2P botnet traffic to construct a topology graph, an out-degree and in-degree graph, and a betweenness centrality graph. Then, the weighted sum of adjacency matrices of the three feature graphs was fused by element-wise product and input into the detection model. Next, a graph convolution neural network based on an attention mechanism was used to extract the features between nodes, and the neural collaborative filtering algorithm was used to realize the attention probability distribution of the central node and complete the node state update. Using the close connectivity between multi-layer graph convolution layers, dimension-reduction extraction of interactive features and mining of high-order structure information were realized. The internal characteristics of the botnet were learned automatically, and botnet detection was completed by the node classification module. The proposed method was validated on the ISCX-2014 botnet dataset. The experimental results showed that the proposed deep graph neural network method outperforms the other two comparative methods in detection accuracy and model stability when the training sample contains botnet nodes of large size. The model can effectively improve the detection ability and generalization ability for P2P botnets, as well as reduce the false positive rate.
Copyright ©2022 Advanced Engineering Sciences. All rights reserved.
Pages: 65 / 72
Page count: 7