Botnets pose significant threats to networks and IoT infrastructures as the number of connected devices grows into the billions [10, 11]. In this work, we propose a novel Deep Graph Neural Network (DGNN) approach for flow-level botnet detection on the CTU-13 dataset. We treat each NetFlow record as a node in a graph, connecting nodes via k-nearest neighbor similarity in feature space. Our DGNN employs multiple Graph Isomorphism Network (GIN) layers with residual connections to classify each flow as botnet or benign. Evaluated on CTU-13, our model achieves high detection performance (98.9% accuracy, with 90% recall on botnet flows) after addressing class imbalance. We compare our method with existing machine learning and deep learning baselines. We estimate the novelty of our approach at about 70%, as the combination of techniques used (k-NN flow graph + deep GNN) is significantly different from prior work. We also discuss how our approach differs from previous graph-based detectors and outline future improvements.
N et al. (Thu,) studied this question.
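The flow-as-node k-NN graph and a residual GIN-style update described in the abstract, as an added example that is not the authors' code. The feature columns, the sample flows, k=2 and the identity weight matrix are constructed assumptions, and the GIN MLP is reduced here to one linear map followed by ReLU.

```python
import math

# Constructed sample flows: (duration_s, packets, bytes). Assumed features.
FLOWS = [
    (0.5, 4, 300), (0.6, 5, 320), (0.4, 4, 290),                  # short flows
    (30.0, 400, 52000), (28.0, 390, 50000), (31.0, 410, 53000),   # long flows
]

def standardize(rows):
    """Z-score each feature column so no single unit dominates the distance."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return [[(v - m) / s for v, m, s in zip(r, means, stds)] for r in rows]

def knn_graph(x, k):
    """Adjacency list: node i -> indices of its k nearest flows (Euclidean)."""
    nbrs = []
    for i, xi in enumerate(x):
        dists = sorted((math.dist(xi, xj), j) for j, xj in enumerate(x) if j != i)
        nbrs.append([j for _, j in dists[:k]])
    return nbrs

def gin_layer(h, nbrs, w, eps=0.0):
    """Residual GIN-style update: h_i' = h_i + ReLU(W((1+eps)h_i + sum_j h_j)).
    W must be square so the residual addition is well defined."""
    out = []
    for i, hi in enumerate(h):
        # Sum aggregation over neighbours, plus the (1+eps)-weighted self term.
        agg = [(1 + eps) * a + sum(h[j][d] for j in nbrs[i])
               for d, a in enumerate(hi)]
        z = [max(0.0, sum(wr[c] * agg[c] for c in range(len(agg)))) for wr in w]
        out.append([a + b for a, b in zip(hi, z)])
    return out

def embed_flows(flows, k=2, layers=2):
    """Build the k-NN flow graph and stack residual GIN-style layers on it."""
    h = standardize(flows)
    nbrs = knn_graph(h, k)
    dim = len(h[0])
    w = [[1.0 if r == c else 0.0 for c in range(dim)] for r in range(dim)]
    for _ in range(layers):  # untrained identity weights, for illustration only
        h = gin_layer(h, nbrs, w)
    return nbrs, h

if __name__ == "__main__":
    graph, emb = embed_flows(FLOWS)
    for i, (n, e) in enumerate(zip(graph, emb)):
        print(i, n, [round(v, 2) for v in e])
```

In a trained model the weights are learned and a classifier head maps each node embedding to a botnet or benign label; this block stops at the embeddings.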