{"title":"LGANet: Local Graph Attention Network for Peer-to-Peer Botnet Detection","authors":"Yunyi Yang, Liming Wang","doi":"10.1109/CTISC52352.2021.00013","DOIUrl":null,"url":null,"abstract":"Botnets have become one of significant intrusion threats against network security. The decentralized nature of Peer-to-Peer (P2P) botnets makes them easy to survive and hard to be detected. In this paper, we propose Local Graph Attention Network (LGANet), a novel framework that detects P2P bots precisely utilizing both network traffic-based features and topological features. Firstly, we consider each node in the network communication graph as a centroid and construct a local graph for generating contextual-aware features. Secondly, the local graph attention mechanism is applied to the local graph aiming to pay attention to most topology-relative information. Moreover, to fully capture various features in different representation sub-spaces, a multi-head local graph attention layer is constructed which contains multiple single-head local graph attention layers in parallel. Thirdly, we design an adaptive gate fusion module which fuses features in different levels adaptively and produces an enriched presentation. 
Extensive experimental results demonstrate the effectiveness of our LGANet for P2P botnet detection.","PeriodicalId":268378,"journal":{"name":"2021 3rd International Conference on Advances in Computer Technology, Information Science and Communication (CTISC)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 3rd International Conference on Advances in Computer Technology, Information Science and Communication (CTISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CTISC52352.2021.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
Botnets have become one of the significant intrusion threats against network security. The decentralized nature of Peer-to-Peer (P2P) botnets makes it easy for them to survive and hard for them to be detected. In this paper, we propose Local Graph Attention Network (LGANet), a novel framework that detects P2P bots precisely by utilizing both network traffic-based features and topological features. Firstly, we consider each node in the network communication graph as a centroid and construct a local graph for generating context-aware features. Secondly, the local graph attention mechanism is applied to the local graph, aiming to pay attention to the most topology-relevant information. Moreover, to fully capture various features in different representation sub-spaces, a multi-head local graph attention layer is constructed which contains multiple single-head local graph attention layers in parallel. Thirdly, we design an adaptive gate fusion module which fuses features at different levels adaptively and produces an enriched presentation. Extensive experimental results demonstrate the effectiveness of our LGANet for P2P botnet detection.