Title: An explainable botnet detection model based on lightweight graph neural networks
Authors: Guofeng He; Jianghua Zhu; Yinong Shi; Ke Yan; Xu Zheng
Addresses: School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, China | Shenzhen Institute for Advanced Study, University of Electronic Science and Technology of China, Chengdu, China | School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China | School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China; KASH Institute of Electronics and Information Industry, Kashi, China | School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China; KASH Institute of Electronics and Information Industry, Kashi, China
Abstract: Botnets represent a significant threat to the security of the current internet network environment. They can be employed to carry out various malicious activities, not only impairing the performance and security of individual devices but also causing extensive damage to the entire network. Therefore, efficient detection of botnets is essential for network security. In recent years, the mainstream approach to botnet detection has involved the use of graph neural network (GNN) models, aiming to fully utilise the graph-structured properties of network data. However, current GNN methods frequently struggle with complicated structures and lack interpretability. To address these issues, we have designed a new model based on graph isomorphism networks (GINs). This model significantly simplifies the complexity without compromising detection accuracy and introduces explainable techniques for analysing model weights and conducting subgraph mining. By leveraging the concept of graph isomorphism, our method can more precisely characterise and identify botnet features. Experimental results demonstrate that our model excels in both accuracy and interpretability, making it highly valuable for real-world network environment applications.
Keywords: graph neural network; GNN; botnet detection; anomaly detection; network security.
DOI: 10.1504/IJCSE.2025.144821
International Journal of Computational Science and Engineering, 2025 Vol.28 No.2, pp.219 - 231
Received: 28 Jan 2024
Accepted: 11 Apr 2024
Published online: 03 Mar 2025