Open Access


BotSward: Centrality Measures for Graph-Based Bot Detection Using Machine Learning

Khlood Shinan1,2, Khalid Alsubhi2, M. Usman Ashraf3,*
1 Department of Computer Science, College Computer Science in Al-Leith, Umm Al-Qura University, Mecca 21421, Saudi Arabia
2 Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
3 Department of Computer Science, GC Women University Sialkot, Pakistan
* Corresponding Author: M. Usman Ashraf. Email:

Computers, Materials & Continua 2023, 74(1), 693-714.

Received 23 April 2022; Accepted 08 June 2022; Issue published 22 September 2022


The number of botnet malware attacks on Internet devices has grown at an equivalent rate to the number of Internet devices that are connected to the Internet. Bot detection using machine learning (ML) with flow-based features has been extensively studied in the literature. Existing flow-based detection methods involve significant computational overhead that does not completely capture network communication patterns that might reveal other features of malicious hosts. Recently, Graph-Based Bot Detection methods using ML have gained attention to overcome these limitations, as graphs provide a real representation of network communications. The purpose of this study is to build a botnet malware detection system utilizing centrality measures for graph-based botnet detection and ML. We propose BotSward, a graph-based bot detection system that is based on ML. We apply the efficient centrality measures, which are Closeness Centrality (CC), Degree Centrality (CC), and PageRank (PR), and compare them with others used in the state-of-the-art. The efficiency of the proposed method is verified on the available Czech Technical University 13 dataset (CTU-13). The CTU-13 dataset contains 13 real botnet traffic scenarios that are connected to a command-and-control (C&C) channel and that cause malicious actions such as phishing, distributed denial-of-service (DDoS) attacks, spam attacks, etc. BotSward is robust to zero-day attacks, suitable for large-scale datasets, and is intended to produce better accuracy than state-of-the-art techniques. The proposed BotSward solution achieved 99% accuracy in botnet attack detection with a false positive rate as low as 0.0001%.


Network security; botnet detection; graph-based features; machine learning; measure centrality

Cite This Article

K. Shinan, K. Alsubhi and M. Usman Ashraf, "Botsward: centrality measures for graph-based bot detection using machine learning," Computers, Materials & Continua, vol. 74, no.1, pp. 693–714, 2023.

This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 161


  • 140


  • 0


Share Link

WeChat scan