Active Spectral Botnet Detection Based on Eigenvalue Weighting

2020 
A botnet is a distributed network of infected nodes captured by cyber-criminals to design and implement a wide range of cyber attacks. Graph clustering, a significant trend in machine learning that aims to group the vertices of a graph, is a practical technique for botnet detection. Spectral clustering algorithms are a modern, persuasive, and analytical category of graph clustering that uses the spectrum of a graph's matrix to discover the hidden structure of its nodes. Spectral methods employ the similarity matrix of a graph, but in the botnet detection problem, preparing the whole similarity matrix is costly, time-consuming, or impossible, or the matrix might carry a level of uncertainty. In this chapter, we review active spectral methods presented for this situation, which suggest a recursive approach to clustering datasets that include more than two clusters, and illustrate the deficiency of the recursive approach. Next, we propose a new method that leverages a combination of eigenvalues and eigenvectors. Furthermore, a new metric is introduced to compare active spectral algorithms by considering the directions of the most important eigenvectors of the queried matrix relative to those of the complete matrix.