Open Access iconOpen Access

ARTICLE

BotSward: Centrality Measures for Graph-Based Bot Detection Using Machine Learning

Khlood Shinan1,2, Khalid Alsubhi2, M. Usman Ashraf3,*

1 Department of Computer Science, College Computer Science in Al-Leith, Umm Al-Qura University, Mecca 21421, Saudi Arabia
2 Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
3 Department of Computer Science, GC Women University Sialkot, Pakistan

* Corresponding Author: M. Usman Ashraf. Email: email

Computers, Materials & Continua 2023, 74(1), 693-714. https://doi.org/10.32604/cmc.2023.031641

Abstract

The number of botnet malware attacks on Internet devices has grown at an equivalent rate to the number of Internet devices that are connected to the Internet. Bot detection using machine learning (ML) with flow-based features has been extensively studied in the literature. Existing flow-based detection methods involve significant computational overhead that does not completely capture network communication patterns that might reveal other features of malicious hosts. Recently, Graph-Based Bot Detection methods using ML have gained attention to overcome these limitations, as graphs provide a real representation of network communications. The purpose of this study is to build a botnet malware detection system utilizing centrality measures for graph-based botnet detection and ML. We propose BotSward, a graph-based bot detection system that is based on ML. We apply the efficient centrality measures, which are Closeness Centrality (CC), Degree Centrality (CC), and PageRank (PR), and compare them with others used in the state-of-the-art. The efficiency of the proposed method is verified on the available Czech Technical University 13 dataset (CTU-13). The CTU-13 dataset contains 13 real botnet traffic scenarios that are connected to a command-and-control (C&C) channel and that cause malicious actions such as phishing, distributed denial-of-service (DDoS) attacks, spam attacks, etc. BotSward is robust to zero-day attacks, suitable for large-scale datasets, and is intended to produce better accuracy than state-of-the-art techniques. The proposed BotSward solution achieved 99% accuracy in botnet attack detection with a false positive rate as low as 0.0001%.

Keywords


Cite This Article

APA Style
Shinan, K., Alsubhi, K., Ashraf, M.U. (2023). Botsward: centrality measures for graph-based bot detection using machine learning. Computers, Materials & Continua, 74(1), 693-714. https://doi.org/10.32604/cmc.2023.031641
Vancouver Style
Shinan K, Alsubhi K, Ashraf MU. Botsward: centrality measures for graph-based bot detection using machine learning. Comput Mater Contin. 2023;74(1):693-714 https://doi.org/10.32604/cmc.2023.031641
IEEE Style
K. Shinan, K. Alsubhi, and M.U. Ashraf, “BotSward: Centrality Measures for Graph-Based Bot Detection Using Machine Learning,” Comput. Mater. Contin., vol. 74, no. 1, pp. 693-714, 2023. https://doi.org/10.32604/cmc.2023.031641



cc Copyright © 2023 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1318

    View

  • 695

    Download

  • 0

    Like

Share Link