Botnet Detection Approach Using Graph-Based Machine Learning

Detecting botnet threats has been an ongoing research endeavor. Machine Learning (ML) techniques have been widely used for botnet detection with flow-based features. The prime challenges with flow-based features are that they have high computational overhead and do not fully capture network communication patterns. Recently, graph-based ML has witnessed a dramatic increase in attention. In communication networks, graph data offers insights information about communication patterns between hosts. In this paper, we propose a graph-based ML model for botnet detection that first considers the significance of graph features before developing a generalized model for detecting botnets based on the selected important features. We explore different feature sets selected using five filter-based feature evaluation measures derived from various theories such as consistency, correlation, and information. Two heterogeneous botnet datasets, CTU-13 and IoT-23, were used to evaluate the effectiveness of the proposed graph-based botnet detection with several supervised ML algorithms. Experiment results show that using features reduces training time and model complexity and provides high bots detection rate. Our proposed detection model detects different types of botnet families and exhibits robustness to zero-day attacks. Compared to state-of-the-art techniques flow-, and graph-based, our approach achieves higher precision and shows competitive accuracy.