BotChase: Graph-Based Bot Detection Using Machine Learning

Daya, Abbas Abou; Salahuddin, Mohammad A.; Limam, Noura; Boutaba, Raouf

doi:10.1109/tnsm.2020.2972405

Cited by 56 publications

(54 citation statements)

References 48 publications

(74 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Orabi et al [20] identified 53 different methods in their survey of the bot classification literature. In general, supervised and unsupervised methods can be distinguished [20] that are sometimes even combined [21]. Cresci [22] points out in his survey of the last decade of bot detection research that while the early days of bot detection methods were coined by supervised classifiers focusing on single accounts, more recently, many unsupervised methods [17,23] focusing on groups [23] instead of single accounts were developed.…”

Section: Introductionmentioning

confidence: 99%

The False positive problem of automatic bot detection in social science research

Rauchfleisch¹,

Kaiser²

2020

PLoS ONE

127

View full text Add to dashboard Cite

The identification of bots is an important and complicated task. The bot classifier "Botometer" was successfully introduced as a way to estimate the number of bots in a given list of accounts and, as a consequence, has been frequently used in academic publications. Given its relevance for academic research and our understanding of the presence of automated accounts in any given Twitter discourse, we are interested in Botometer's diagnostic ability over time. To do so, we collected the Botometer scores for five datasets (three verified as bots, two verified as human; n = 4,134) in two languages (English/German) over three months. We show that the Botometer scores are imprecise when it comes to estimating bots; especially in a different language. We further show in an analysis of Botometer scores over time that Botometer's thresholds, even when used very conservatively, are prone to variance, which, in turn, will lead to false negatives (i.e., bots being classified as humans) and false positives (i.e., humans being classified as bots). This has immediate consequences for academic research as most studies in social science using the tool will unknowingly count a high number of human users as bots and vice versa. We conclude our study with a discussion about how computational social scientists should evaluate machine learning systems that are developed for identifying bots.

show abstract

Section: Introductionmentioning

confidence: 99%

The False positive problem of automatic bot detection in social science research

Rauchfleisch¹,

Kaiser²

2020

PLoS ONE

127

View full text Add to dashboard Cite

show abstract

“…In recent years, many researchers [10]- [18] attempted to analyze the impact of using communication graphs to represent hosts activates. The true structure of network communications, host interactions, and host behaviors are captured by graph-based features derived from high-level flow information.…”

Section: Background and Related Work A Botnet Detectionmentioning

confidence: 99%

“…Botchase [10] applied a hybrid supervised and unsupervised learning with graph-based features to detect botnets. According to the experiments performed by the authors, stand-alone classifiers are insufficient in terms of training time, precision, and overall accuracy performance.…”

Section: Background and Related Work A Botnet Detectionmentioning

confidence: 99%

“…These features serve as discriminators in learning and inference. Some existing botnet detection techniques rely on traffic features or packet information; however, when traffic patterns are confidential or encrypted, these techniques become obsolete; additionally, traffic patterns may be intentionally altered to avoid detection [10]. Moreover, one of the major drawbacks of flow-based ML techniques to detect botnets is that they do not capture the dynamic topological structure of communication networks.…”

Section: Introductionmentioning

confidence: 99%

“…In recent years, many approaches have been proposed that leverage graph-based features to represent the true behavior of hosts [10]- [18]. Botnet detection using graph-based features takes advantage of the disparity in neighborhoods between anomalous and normal nodes in communication graphs.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Botnet Detection Approach Using Graph-Based Machine Learning

Alharbi

Alsubhi

2021

IEEE Access

View full text Add to dashboard Cite

Detecting botnet threats has been an ongoing research endeavor. Machine Learning (ML) techniques have been widely used for botnet detection with flow-based features. The prime challenges with flow-based features are that they have high computational overhead and do not fully capture network communication patterns. Recently, graph-based ML has witnessed a dramatic increase in attention. In communication networks, graph data offers insights information about the communication patterns. In this paper, we propose a graph-based ML model for botnet detection that first considers the significance of graph features before developing a generalized model for detecting botnets based on the selected important features. We explore different feature sets selected using five filter-based feature evaluation measures derived from various theories such as consistency, correlation, and information. Two heterogeneous botnet datasets, CTU-13 and IoT-23, were used to evaluate the effectiveness of the proposed graph-based botnet detection with several supervised ML algorithms. Experiment results show that using features reduces training time and model complexity and provides high bot detection rate. Our proposed detection model detects different types of botnets families and exhibits robustness to zero-day attacks. Compared to state-of-the-art techniques flow-, and graph-based, our approach achieves higher precision and shows competitive accuracy.

show abstract

Effective injection of adversarial botnet attacks in IoT ecosystem using evolutionary computing

Bhale

Biswas

Nandi

2023

Internet Technology Letters

View full text Add to dashboard Cite

With the widespread adoption of Internet of Things (IoT) technologies, botnet attacks have become the most prevalent cyberattack. In order to combat botnet attacks, there has been a considerable amount of research on botnet attacks in IoT ecosystems by graph‐based machine learning (GML). The majority of GML models are vulnerable to adversarial attacks (ADAs). These ADAs were created to assess the robustness of existing ML‐based security solutions. In this letter, we present a novel adversarial botnet attack (ADBA) that modifies the graph data structure using genetic algorithms (GAs) to trick the graph‐based botnet attack detection system. According to the experiment results and comparative analysis, the proposed ADBA can be executed on resource‐constrained IoT nodes. It offers a substantial performance gain of 2.15 s, 52 kb, 92 817 mJ, 97.8%, and 27.74%–41.82% over other approaches in term of Computing Time (CT), Memory Usage (MU), Energy Usage (EU), Attack Success Rate (ASR) and Accuracy (ACC) metrics, respectively.

show abstract

BotChase: Graph-Based Bot Detection Using Machine Learning

Cited by 56 publications

References 48 publications

The False positive problem of automatic bot detection in social science research

The False positive problem of automatic bot detection in social science research

Botnet Detection Approach Using Graph-Based Machine Learning

Effective injection of adversarial botnet attacks in IoT ecosystem using evolutionary computing

Contact Info

Product

Resources

About