XG-BoT: An Explainable Deep Graph Neural Network for Botnet Detection and Forensics
| Autor: | Wai Weng Lo, Gayan Kulatilleke, Mohanad Sarhan, Siamak Layeghy, Marius Portmann |
|---|---|
| Rok vydání: | 2022 |
| Předmět: |
Networking and Internet Architecture (cs.NI)
FOS: Computer and information sciences Computer Science - Machine Learning Computer Science - Cryptography and Security Computer Science Applications Machine Learning (cs.LG) Computer Science - Networking and Internet Architecture Artificial Intelligence Hardware and Architecture Management of Technology and Innovation Computer Science (miscellaneous) Engineering (miscellaneous) Cryptography and Security (cs.CR) Software Information Systems |
| DOI: | 10.48550/arxiv.2207.09088 |
| Popis: | In this paper, we propose XG-BoT, an explainable deep graph neural network model for botnet node detection. The proposed model comprises a botnet detector and an explainer for automatic forensics. The XG-BoT detector can effectively detect malicious botnet nodes in large-scale networks. Specifically, it utilizes a grouped reversible residual connection with a graph isomorphism network to learn expressive node representations from botnet communication graphs. The explainer, based on the GNNExplainer and saliency map in XG-BoT, can perform automatic network forensics by highlighting suspicious network flows and related botnet nodes. We evaluated XG-BoT using real-world, large-scale botnet network graph datasets. Overall, XG-BoT outperforms state-of-the-art approaches in terms of key evaluation metrics. Additionally, we demonstrate that the XG-BoT explainers can generate useful explanations for automatic network forensics. Comment: Accepted by Internet of Things, Elsevier |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|