Botnet Node Detection Using Graph Learning


Karyağdı G., ÖZÇELİK İ.

Applied Sciences (Switzerland), vol.16, no.1, 2026 (SCI-Expanded, Scopus)

  • Publication Type: Article / Full Article
  • Volume: 16 Issue: 1
  • Publication Date: 2026
  • DOI Number: 10.3390/app16010024
  • Journal Name: Applied Sciences (Switzerland)
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Keywords: botnet detection, GNN, graph neural networks, graph-based detection, heterogeneous graphs
  • Eskişehir Osmangazi University Affiliated: Yes

Abstract

Botnets represent a persistent and significant threat to internet security. Many detection methods fail because they analyze isolated node data, neglecting the coordinated interactions of centrally managed bots. Graph-based methods, particularly Graph Neural Networks (GNNs), offer a promising solution. This study developed and compared four novel GNN models (HeteroGCN, HeteroGAT, HeteroSAGE, and HeteroGAE) for botnet detection. We constructed a heterogeneous graph from the TI-16 DNS-labeled dataset, capturing interactions between users and domains. Experimental results show our models achieve up to 95% accuracy. Specifically, HeteroSAGE and HeteroGAE significantly outperform other models, demonstrating superior F1-Scores and exceptionally high Recall. This high recall, indicating a low false-negative rate, is critical for effective anomaly detection. Conversely, the computationally expensive HeteroGAT model yielded poorer results and slower inference times, demonstrating that increased model complexity does not guarantee better performance. To our knowledge, this is the first study to successfully apply and compare heterogeneous GNNs for bot detection using DNS query data.