XG-BoT: An explainable deep graph neural network for botnet detection and forensics

Bibliographic Details
Published in Internet of things (Amsterdam. Online) Vol. 22; p. 100747
Main Authors Lo, Wai Weng, Kulatilleke, Gayan, Sarhan, Mohanad, Layeghy, Siamak, Portmann, Marius
Format Journal Article
Language English
Published Elsevier B.V 01.07.2023
ISSN 2542-6605
DOI 10.1016/j.iot.2023.100747


Abstract In this paper, we propose XG-BoT, an explainable deep graph neural network model for botnet node detection. The proposed model comprises a botnet detector and an explainer for automatic forensics. The XG-BoT detector can effectively detect malicious botnet nodes in large-scale networks. Specifically, it utilizes a grouped reversible residual connection with a graph isomorphism network to learn expressive node representations from botnet communication graphs. The explainer, based on the GNNExplainer and saliency map in XG-BoT, can perform automatic network forensics by highlighting suspicious network flows and related botnet nodes. We evaluated XG-BoT using real-world, large-scale botnet network graph datasets. Overall, XG-BoT outperforms state-of-the-art approaches in terms of key evaluation metrics. Additionally, we demonstrate that the XG-BoT explainers can generate useful explanations for automatic network forensics.
ArticleNumber 100747
Author Lo, Wai Weng
Kulatilleke, Gayan
Sarhan, Mohanad
Layeghy, Siamak
Portmann, Marius
Author_xml – sequence: 1
  givenname: Wai Weng
  orcidid: 0000-0003-3458-4043
  surname: Lo
  fullname: Lo, Wai Weng
  email: w.w.lo@uq.net.au
– sequence: 2
  givenname: Gayan
  surname: Kulatilleke
  fullname: Kulatilleke, Gayan
  email: g.kulatilleke@uq.net.au
– sequence: 3
  givenname: Mohanad
  surname: Sarhan
  fullname: Sarhan, Mohanad
  email: m.sarhan@uq.net.au
– sequence: 4
  givenname: Siamak
  surname: Layeghy
  fullname: Layeghy, Siamak
  email: siamak.layeghy@uq.net.au
– sequence: 5
  givenname: Marius
  surname: Portmann
  fullname: Portmann, Marius
  email: marius@itee.uq.edu.au
ContentType Journal Article
Copyright 2023 Elsevier B.V.
DOI 10.1016/j.iot.2023.100747
Discipline Engineering
EISSN 2542-6605
ISSN 2542-6605
IsPeerReviewed true
IsScholarly true
Keywords Graph representation learning
Botnet detection
Digital forensics
Graph neural network
Anomaly detection
Language English
ORCID 0000-0003-3458-4043
PublicationCentury 2000
PublicationDate July 2023
2023-07-00
PublicationDateYYYYMMDD 2023-07-01
PublicationDate_xml – month: 07
  year: 2023
  text: July 2023
PublicationDecade 2020
PublicationTitle Internet of things (Amsterdam. Online)
PublicationYear 2023
Publisher Elsevier B.V
Publisher_xml – name: Elsevier B.V
StartPage 100747
SubjectTerms Anomaly detection
Botnet detection
Digital forensics
Graph neural network
Graph representation learning
Title XG-BoT: An explainable deep graph neural network for botnet detection and forensics
URI https://dx.doi.org/10.1016/j.iot.2023.100747
Volume 22