XG-BoT: An Explainable Deep Graph Neural Network for Botnet Detection and Forensics

Lo, Wai Weng; Layeghy, Siamak; Sarhan, Mohanad; Portmann, Marius

doi:10.48550/arxiv.2207.09088

Cited by 1 publication

(3 citation statements)

References 17 publications

(29 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To address these engineering issues, researchers have proposed graph sampling methods to divide the graph into manageable batches and distribute the training across multiple workers [57]. Additionally, model interpretability is a critical concern for many applications, including those in cybersecurity [67], [158]. Despite their importance, these topics remain less discussed in current literature and represent areas for future research.…”

Section: Discussion and Future Directionsmentioning

confidence: 99%

“…To prevent the previous over-smoothing problem, XG-BoT [67] leverages grouped reversible residual connections [81] along with a GIN model to capture hidden topological patterns of botnets while maintaining more stability during the training of very deep models. XG-BoT was also evaluated on the dataset by Zhou et al [65] and outperforms the two previous works [65], [66] for the detection of botnet nodes.…”

Section: ) Network Intrusion Detection With Flow Graphsmentioning

confidence: 99%

“…Each dataset contains 960 graphs with self-loops and is composed in average of 140,000 nodes and 700,000 edges. No additional flow features are provided in this dataset and existing works rather leverage representation to learn directly embeddings from graph topology, as done in [66] and [67] with C2 and P2P datasets.…”

Section: ) Network Intrusion Datasetsmentioning

confidence: 99%

See 2 more Smart Citations

Graph Neural Networks for Intrusion Detection: A Survey

Bilot

Madhoun

Agha³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Cyberattacks represent an ever-growing threat that has become a real priority for most organizations. Attackers use sophisticated attack scenarios to deceive defense systems in order to access private data or cause harm. Machine Learning (ML) and Deep Learning (DL) have demonstrate impressive results for detecting cyberattacks due to their ability to learn generalizable patterns from flat data. However, flat data fail to capture the structural behavior of attacks, which is essential for effective detection. Contrarily, graph structures provide a more robust and abstract view of a system that is difficult for attackers to evade. Recently, Graph Neural Networks (GNNs) have become successful in learning useful representations from the semantic provided by graph-structured data. Intrusions have been detected for years using graphs such as network flow graphs or provenance graphs, and learning representations from these structures can help models understand the structural patterns of attacks, in addition to traditional features. In this survey, we focus on the applications of graph representation learning to the detection of network-based and hostbased intrusions, with special attention to GNN methods. For both network and host levels, we present the graph data structures that can be leveraged and we comprehensively review the state-of-the-art papers along with the used datasets. Our analysis reveals that GNNs are particularly efficient in cybersecurity, since they can learn effective representations without requiring any external domain knowledge. We also evaluate the robustness of these techniques based on adversarial attacks. Finally, we discuss the strengths and weaknesses of GNN-based intrusion detection and identify future research directions.INDEX TERMS Cyberattacks, cybersecurity, deep learning (DL), graph neural networks (GNNs), intrusion detection (IDS), machine learning (ML).

show abstract

Section: Discussion and Future Directionsmentioning

confidence: 99%