BotSward: Centrality Measures for Graph-Based Bot Detection Using Machine Learning

作     者：Khlood Shinan Khalid Alsubhi M.Usman Ashraf 

作者机构：Department of Computer ScienceCollege Computer Science in Al-LeithUmm Al-Qura UniversityMecca 21421Saudi Arabia Department of Computer ScienceFaculty of Computing and Information TechnologyKing Abdulaziz UniversityJeddah 21589Saudi Arabia Department of Computer ScienceGC Women University SialkotPakistan 

出 版 物：《Computers, Materials & Continua》 (计算机、材料和连续体（英文）)

年 卷 期：2023年第74卷第1期

页      面：693-714页

核心收录：

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 081104[工学-模式识别与智能系统] 08[工学] 0835[工学-软件工程] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Network security botnet detection graph-based features machine learning measure centrality 

摘      要：The number of botnet malware attacks on Internet devices has grown at an equivalent rate to the number of Internet devices that are connected to the *** detection using machine learning(ML)with flow-based features has been extensively studied in the *** flow-based detection methods involve significant computational overhead that does not completely capture network communication patterns that might reveal other features ofmalicious ***,Graph-Based Bot Detection methods using ML have gained attention to overcome these limitations,as graphs provide a real representation of network *** purpose of this study is to build a botnet malware detection system utilizing centrality measures for graph-based botnet detection and *** propose BotSward,a graph-based bot detection system that is based on *** apply the efficient centrality measures,which are Closeness Centrality(CC),Degree Centrality(CC),and PageRank(PR),and compare them with others used in the *** efficiency of the proposed method is verified on the available Czech Technical University 13 dataset(CTU-13).The CTU-13 dataset contains 13 real botnet traffic scenarios that are connected to a command-and-control(C&C)channel and that cause malicious actions such as phishing,distributed denial-of-service(DDoS)attacks,spam attacks,*** is robust to zero-day attacks,suitable for large-scale datasets,and is intended to produce better accuracy than state-of-the-art *** proposed BotSward solution achieved 99%accuracy in botnet attack detection with a false positive rate as low as 0.0001%.