Method for botnet detection with small labelled samples based on graph neural network

Deep learning-based botnet detection techniques need to be trained using a large number of labelled samples, which is incompatible with the current environment where botnets occur in short cycles and mutate quickly. Therefore, we propose a PAR-BD method based on graph neural networks. Using an autoregressive method to generate interdependent host nodes and communication edges, we pre-train the graph neural network. Then we use the pre-trained model to initialise the detection model and a small number of labelled botnet samples to train the model, to improve the accuracy of botnet detection under small samples. The experimental results show that when using this method for botnet detection with few labelled samples, the results are better than graph node classification method, few nodes classification method, and few labelled graph node classification method.