LIU Chuanzhen,LIU Guilin,SUO Wang.Botnet Detection Method based on GAT-GRU[J].Journal of Chengdu University of Information Technology,2026,41(01):24-31.[doi:10.16836/j.cnki.jcuit.2026.01.004]
Botnet Detection Method based on GAT-GRU
- Article number: 2096-1618(2026)01-0024-08
- Keywords: botnet; graph attention network; gated recurrent unit
- CLC number: TP309.5
- Document code: A
- Abstract: Botnet attacks pose a serious threat to the Internet, and detecting botnets effectively is important for maintaining cyberspace security. Most current botnet detection algorithms focus on large-scale botnets and perform poorly on small-scale ones. This paper proposes a detection method based on a graph attention network (GAT) and a gated recurrent unit (GRU) that detects small-scale botnets along both the temporal and spatial dimensions. The method does not depend on traffic-protocol features; it feeds the botnet communication topology graph, the attributes of the graph's nodes, and information about how they change over time into the model. Traffic is divided into time periods; in each period the source and destination IP addresses of the botnet traffic are extracted as graph nodes, degree is used as the edge weight, and the PageRank value and local clustering coefficient are used as node attributes, producing a time-series graph. The time-series graph is the input to the graph attention network, which extracts the spatial features of the botnet. The time-ordered spatial feature vectors are then the input to the gated recurrent unit, which extracts the spatiotemporal features of the botnet, and a classification function completes the detection. Experimental results show that, compared with other methods, the proposed method detects small-scale botnets better and is also applicable to detecting large-scale botnets.
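The graph-construction stage described in the abstract, as an added Python example that is not code from the paper: it splits flows into time windows, builds one graph per window, and computes each node's degree, PageRank and local clustering coefficient. The flow tuple format, the 60-second window, the undirected graph and all function names are assumptions; the abstract does not say how degree is mapped to an edge weight, so degree is reported per node here, and the GAT and GRU stages are not included.

```python
from collections import defaultdict

# Constructed flow records (timestamp in seconds, source IP, destination IP).
FLOWS = [
    (5, "10.0.0.1", "10.0.0.9"), (20, "10.0.0.2", "10.0.0.9"),
    (50, "10.0.0.3", "10.0.0.9"),                       # window 0: star
    (61, "10.0.0.1", "10.0.0.2"), (75, "10.0.0.2", "10.0.0.3"),
    (90, "10.0.0.1", "10.0.0.3"), (110, "10.0.0.1", "10.0.0.9"),
]

def build_snapshots(flows, window):
    """Split flows into fixed time windows; one undirected graph per window."""
    snaps = defaultdict(lambda: defaultdict(set))
    for ts, src, dst in flows:
        if src == dst:
            continue                      # ignore self-flows in this sketch
        graph = snaps[ts // window]
        graph[src].add(dst)
        graph[dst].add(src)
    return [dict(snaps[k]) for k in sorted(snaps)]

def pagerank(adj, damping=0.85, iters=100):
    """Power iteration; every node has a neighbour, so no dangling mass."""
    n = len(adj)
    pr = {v: 1.0 / n for v in adj}
    for _ in range(iters):
        pr = {v: (1 - damping) / n
                 + damping * sum(pr[u] / len(adj[u]) for u in adj[v])
              for v in adj}
    return pr

def clustering(adj, v):
    """Fraction of pairs of v's neighbours that are themselves connected."""
    nbrs = sorted(adj[v])
    k = len(nbrs)
    if k < 2:
        return 0.0
    links = sum(1 for i, a in enumerate(nbrs) for b in nbrs[i + 1:] if b in adj[a])
    return 2.0 * links / (k * (k - 1))

def node_features(adj):
    """Per-node (degree, PageRank, local clustering coefficient)."""
    pr = pagerank(adj)
    return {v: (len(adj[v]), pr[v], clustering(adj, v)) for v in adj}

def temporal_features(flows, window=60):
    """Time-ordered list of per-snapshot node feature maps."""
    return [node_features(g) for g in build_snapshots(flows, window)]
```

In the constructed data the hub at 10.0.0.9 dominates the first window (degree 3, clustering 0), while the second window shows the peers forming a triangle, which is the kind of change between snapshots that the time-ordered sequence carries forward.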
Memo
Received: 2024-07-01
Funding: National 242 Information Security Program (2021A063)
Corresponding author: SUO Wang. E-mail: suowang@cuit.edu.cn
