GraphBot: Botnet Detection via Dynamic Graph Representation Learning

Published: 01 Apr 2025, Last Modified: 03 Feb 2026 | OpenReview Archive Direct Upload | Everyone | CC BY 4.0
Abstract: Botnets, networks of compromised devices controlled remotely by attackers, are particularly threatening due to their ability to conduct various cyber-attacks, such as Distributed Denial of Service (DDoS) attacks, data theft, and spamming. Existing botnet detection methods often rely on static or manually designed features, which are increasingly ineffective against modern botnets that utilize sophisticated encryption and evasion techniques. In this paper, we propose GraphBot, a novel botnet detection method that leverages dynamic graph representation learning to overcome these challenges. GraphBot introduces the concept of superflows, which are collections of network flows exhibiting similar behavior. It constructs a superflow correlation graph with timestamps to model temporal correlations and continuously updates node representations. This dynamic learning framework effectively captures the complex and evolving patterns in network traffic. We evaluate GraphBot on two public datasets, and the experimental results demonstrate that GraphBot outperforms state-of-the-art botnet detection methods, achieving high precision and recall while maintaining a low false positive rate. These results highlight GraphBot’s robustness, reliability, and practical applicability in real-world network security scenarios.