[1] JING Yongjun, WU Hui, CHEN Xu, et al. Botnet Detection Method Based on Graph Reconstruction and Subgraph Mining[J]. Journal of Zhengzhou University (Engineering Science), 2025, 46(01): 34-41. [doi:10.13705/j.issn.1671-6833.2024.04.004]

Botnet Detection Method Based on Graph Reconstruction and Subgraph Mining

Journal of Zhengzhou University (Engineering Science) [ISSN: 1671-6833 / CN: 41-1339/T]

Volume:
46
Issue:
2025, No. 01
Pages:
34-41
Section:
Publication date:
2024-12-23

Article Info

Title:
Botnet Detection Method Based on Graph Reconstruction and Subgraph Mining
Article ID:
1671-6833(2025)01-0034-08
Author(s):
JING Yongjun (1, 2); WU Hui (2); CHEN Xu (2); SONG Jifei (3)
1. School of Computer Science and Information Engineering, Hefei University of Technology, Hefei 230601, China; 2. School of Computer Science and Engineering, North Minzu University, Yinchuan 750021, China; 3. National (Zhongwei) New-type Internet Exchange Point, Zhongwei 755000, China
Keywords:
botnet; subgraph mining; graph reconstruction; cybersecurity; pre-detection
Classification number:
TP391; TP393
DOI:
10.13705/j.issn.1671-6833.2024.04.004
Document code:
A
Abstract:
To address the difficulty of detecting disguised botnet hosts, a botnet detection method based on graph reconstruction and subgraph mining (GR-SGM) was proposed. First, network data was converted into graph data, which was then reconstructed to enhance the feature representation of host nodes. Next, a botnet subgraph scoring function was designed based on the topological structure, node features, and position changes in the reconstructed graph. This function captured the camouflaged features and extracted the botnet subgraph, while pre-detection was performed on the original and reconstructed graphs to improve detection accuracy and efficiency and to reduce reconstruction errors. Finally, the pre-detection results and the botnet subgraphs were scored jointly to obtain complete botnet information. Experimental results on the ISCX2014 botnet dataset and the CICIDS2017 botnet dataset showed that the detection accuracy of GR-SGM reached 99.98% and 99.91%, respectively, and the F1 reached 99.94% and 99.65%, respectively. Compared with other botnet detection models, GR-SGM identified botnet nodes more efficiently and accurately, with a lower false alarm rate.


Last Update: 2024-12-30