CR, LG | Feb 22, 2019

A Graph-Based Machine Learning Approach for Bot Detection

arXiv:1902.08538v1 | 3 citations
Originality: Incremental advance
AI Analysis

This addresses bot detection for network security, but it appears incremental as it builds on existing graph-based approaches.

The paper tackles bot detection by proposing a two-phased graph-based system using unsupervised and supervised machine learning to prune benign hosts and detect bots with high precision, achieving robustness to zero-day attacks and suitability for large-scale data.

Bot detection using machine learning (ML), with network flow-level features, has been extensively studied in the literature. However, existing flow-based approaches typically incur a high computational overhead and do not completely capture the network communication patterns, which can expose additional aspects of malicious hosts. Recently, bot detection systems which leverage communication graph analysis using ML have gained attention to overcome these limitations. A graph-based approach is rather intuitive, as graphs are true representations of network communications. In this paper, we propose a two-phased, graph-based bot detection system which leverages both unsupervised and supervised ML. The first phase prunes presumable benign hosts, while the second phase achieves bot detection with high precision. Our system detects multiple types of bots and is robust to zero-day attacks. It also accommodates different network topologies and is suitable for large-scale data.
