Detecting Botnet Nodes via Structural Node Representation Learning

Carpenter, Justin; Layne, Janet; Serra, Edoardo; Cuzzocrea, Alfredo

doi:10.1109/bigdata52589.2021.9671728

Cited by 7 publications

(5 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On a different dataset built from background traffic and synthetic botnet topologies, the authors in paper [68] suggest to leverage Inferential SIR_GN [83], a model able to generalize on unseen and very large graphs and that privileges node structural similarity. Indeed, the authors suggest that GNNs may not be fitted for botnet detection as they consider the node proximity similarity an important indicator in the learning process.…”

Section: ) Network Intrusion Detection With Flow Graphsmentioning

confidence: 99%

Graph Neural Networks for Intrusion Detection: A Survey

Bilot

Madhoun

Agha³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Cyberattacks represent an ever-growing threat that has become a real priority for most organizations. Attackers use sophisticated attack scenarios to deceive defense systems in order to access private data or cause harm. Machine Learning (ML) and Deep Learning (DL) have demonstrate impressive results for detecting cyberattacks due to their ability to learn generalizable patterns from flat data. However, flat data fail to capture the structural behavior of attacks, which is essential for effective detection. Contrarily, graph structures provide a more robust and abstract view of a system that is difficult for attackers to evade. Recently, Graph Neural Networks (GNNs) have become successful in learning useful representations from the semantic provided by graph-structured data. Intrusions have been detected for years using graphs such as network flow graphs or provenance graphs, and learning representations from these structures can help models understand the structural patterns of attacks, in addition to traditional features. In this survey, we focus on the applications of graph representation learning to the detection of network-based and hostbased intrusions, with special attention to GNN methods. For both network and host levels, we present the graph data structures that can be leveraged and we comprehensively review the state-of-the-art papers along with the used datasets. Our analysis reveals that GNNs are particularly efficient in cybersecurity, since they can learn effective representations without requiring any external domain knowledge. We also evaluate the robustness of these techniques based on adversarial attacks. Finally, we discuss the strengths and weaknesses of GNN-based intrusion detection and identify future research directions.INDEX TERMS Cyberattacks, cybersecurity, deep learning (DL), graph neural networks (GNNs), intrusion detection (IDS), machine learning (ML).

show abstract

Section: ) Network Intrusion Detection With Flow Graphsmentioning

confidence: 99%

Graph Neural Networks for Intrusion Detection: A Survey

Bilot

Madhoun

Agha³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In the field of cybersecurity, tasks such as node classification, edge classification and graph classification are frequently used. Node classification aims at finding a label for a specific object in the graph such as detecting a botnet node in a network [27][28][29], whereas edge classification is applied to assign a label to a relation or event, such as detecting a malicious authentication request [30,31]. On the other hand, graph classification maps the whole graph to a label.…”

Section: Graph Representationmentioning

confidence: 99%

“…Another approach trained on background traffic with embedded synthetic botnet topologies is considered in reference [28]. Here, the Inferential SIR_GN model is used to generalize on unseen and very large graphs.…”

Section: Network Flowmentioning

confidence: 99%

A Survey on Malware Detection with Graph Representation Learning

Bilot¹,

Madhoun²,

Agha³

et al. 2023

Preprint

View full text Add to dashboard Cite

Malware detection has become a major concern due to the increasing number and complexity of malware. Traditional detection methods based on signatures and heuristics are used for malware detection, but unfortunately, they suffer from poor generalization to unknown attacks and can be easily circumvented using obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep Learning (DL) achieved impressive results in malware detection by learning useful representations from data and have become a solution preferred over traditional methods. More recently, the application of such techniques on graph-structured data has achieved state-of-the-art performance in various domains and demonstrates promising results in learning more robust representations from malware. Yet, no literature review focusing on graph-based deep learning for malware detection exists. In this survey, we provide an in-depth literature review to summarize and unify existing works under the common approaches and architectures. We notably demonstrate that Graph Neural Networks (GNNs) reach competitive results in learning robust embeddings from malware represented as expressive graph structures, leading to an efficient detection by downstream classifiers. This paper also reviews adversarial attacks that are utilized to fool graph-based detection methods. Challenges and future research directions are discussed at the end of the paper. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Malware and its mitigation; • Computing methodologies → Learning latent representations; Neural networks; Spectral methods.

show abstract

“…The experiment results showed that GCN performs better than the logistic regression model. Addressing the potential issue of overfitting with GNN models, Carpenter et al [82] introduce an approach termed Inferential SIR-GN. This technique is designed to generalize unseen data within large graphs while prioritizing node structural similarity, thereby enhancing the robustness of GNNs in intrusion detection scenarios.…”

Section: Intrusive Detectionmentioning

confidence: 99%

Empowering Digital Twin for Future Networks with Graph Neural Networks: Overview, Enabling Technologies, Challenges, and Opportunities

Ngo,

Aouedi,

Piamrat

et al. 2023

Future Internet

View full text Add to dashboard Cite

As the complexity and scale of modern networks continue to grow, the need for efficient, secure management, and optimization becomes increasingly vital. Digital twin (DT) technology has emerged as a promising approach to address these challenges by providing a virtual representation of the physical network, enabling analysis, diagnosis, emulation, and control. The emergence of Software-defined network (SDN) has facilitated a holistic view of the network topology, enabling the use of Graph neural network (GNN) as a data-driven technique to solve diverse problems in future networks. This survey explores the intersection of GNNs and Network digital twins (NDTs), providing an overview of their applications, enabling technologies, challenges, and opportunities. We discuss how GNNs and NDTs can be leveraged to improve network performance, optimize routing, enable network slicing, and enhance security in future networks. Additionally, we highlight certain advantages of incorporating GNNs into NDTs and present two case studies. Finally, we address the key challenges and promising directions in the field, aiming to inspire further advancements and foster innovation in GNN-based NDTs for future networks.

show abstract

Detecting Botnet Nodes via Structural Node Representation Learning

Cited by 7 publications

References 25 publications

Graph Neural Networks for Intrusion Detection: A Survey

Graph Neural Networks for Intrusion Detection: A Survey

A Survey on Malware Detection with Graph Representation Learning

Empowering Digital Twin for Future Networks with Graph Neural Networks: Overview, Enabling Technologies, Challenges, and Opportunities

Contact Info

Product

Resources

About