Leveraging Graph Neural Networks for Botnet Detection
Jan 1, 2024
Ahmed Mohamed Saad Emam Saad
Abstract
Guarding the cyberinfrastructure is critical to ensure the proper transmission and availability of computer network services, information, and data. Cyber attacks that target the cyberinfrastructure by making data unprocurable and network services inaccessible are on the rise. Botnets are considered one of the most sophisticated cybersecurity threats to the cyberinfrastructure and are becoming more daunting with time. Developing an efficient and robust botnet detection technique is a priority to ensure the security and reachability of the cyberinfrastructure. In this research, we introduce a solution that explores the use of a novel neural network architecture built on a graph-based learning approach, namely the Graph Neural Network (GNN), for botnet detection. The GNN was used to benefit from the unique architecture of botnets and to omit the feature engineering step of the machine learning pipeline, as it is a costly and cumbersome process. Additionally, we report the effectiveness of different GNN variations at detecting botnets to gain insight into the performance of each model. The ISCX-Bot-2014 dataset was used to create a graph data object for the training and testing of our proposed approach. The results show that our proposed GNN solution generalizes to unseen botnets and performs better than other relevant work from the literature, with an accuracy that exceeds 94%.
Type
Publication
Advanced Engineering, Technology and Applications