XG-BoT: An explainable deep graph neural network for botnet detection and forensics

Bibliographic Details
Published in Internet of things (Amsterdam. Online) Vol. 22; p. 100747
Main Authors Lo, Wai Weng, Kulatilleke, Gayan, Sarhan, Mohanad, Layeghy, Siamak, Portmann, Marius
Format Journal Article
Language English
Published Elsevier B.V 01.07.2023
ISSN 2542-6605
DOI 10.1016/j.iot.2023.100747

Summary: In this paper, we propose XG-BoT, an explainable deep graph neural network model for botnet node detection. The proposed model comprises a botnet detector and an explainer for automatic forensics. The XG-BoT detector can effectively detect malicious botnet nodes in large-scale networks. Specifically, it utilizes a grouped reversible residual connection with a graph isomorphism network to learn expressive node representations from botnet communication graphs. The explainer, based on the GNNExplainer and saliency map in XG-BoT, can perform automatic network forensics by highlighting suspicious network flows and related botnet nodes. We evaluated XG-BoT using real-world, large-scale botnet network graph datasets. Overall, XG-BoT outperforms state-of-the-art approaches in terms of key evaluation metrics. Additionally, we demonstrate that the XG-BoT explainers can generate useful explanations for automatic network forensics.