Title: Method for botnet detection with small labelled samples based on graph neural network

Authors: Junjing Zhu; Honggang Lin

Addresses: School of Cybersecurity (Xin Gu Industrial College), Chengdu University of Information Technology, Chengdu 610225, China ' School of Cybersecurity (Xin Gu Industrial College), Chengdu University of Information Technology, Chengdu 610225, China

Abstract: Deep learning-based botnet detection techniques need to be trained using a large number of labelled samples, which is incompatible with the current environment where botnets occur in short cycles and mutate quickly. Therefore, we propose a PAR-BD method based on graph neural networks. Using an autoregressive method to generate interdependent host nodes and communication edges, we pre-train the graph neural network. Then we use the pre-trained model to initialise the detection model and a small number of labelled botnet samples to train the model, to improve the accuracy of botnet detection under small samples. The experimental results show that when using this method for botnet detection with few labelled samples, the results are better than graph node classification method, few nodes classification method, and few labelled graph node classification method.

Keywords: botnet; botnet detection; small labelled sample detection; pre-training; self-supervised learning.

DOI: 10.1504/IJICS.2025.145111

International Journal of Information and Computer Security, 2025 Vol.26 No.1/2, pp.91 - 108

Received: 16 Sep 2023
Accepted: 23 Mar 2024
Published online: 19 Mar 2025 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article