{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T06:24:40Z","timestamp":1775024680746,"version":"3.50.1"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,1,18]],"date-time":"2025-01-18T00:00:00Z","timestamp":1737158400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,1,18]],"date-time":"2025-01-18T00:00:00Z","timestamp":1737158400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100004775","name":"Natural Science Foundation of Gansu Province","doi-asserted-by":"publisher","award":["21JR7RA570"],"award-info":[{"award-number":["21JR7RA570"]}],"id":[{"id":"10.13039\/501100004775","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004775","name":"Natural Science Foundation of Gansu Province","doi-asserted-by":"publisher","award":["20JR10RA334"],"award-info":[{"award-number":["20JR10RA334"]}],"id":[{"id":"10.13039\/501100004775","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Gansu University of Political Science and Law Major Scientific Research and Innovation Projects","award":["GZF2020XZDA03"],"award-info":[{"award-number":["GZF2020XZDA03"]}]},{"name":"Young Doctoral Fund project of Higher Education institutions in Gansu Province in 2022","award":["2022QB-123"],"award-info":[{"award-number":["2022QB-123"]}]},{"name":"Gansu Province Higher Education Innovation Fund Project","award":["2022A-097"],"award-info":[{"award-number":["2022A-097"]}]},{"name":"the University-level Innovative Research Team of Gansu University of Political Science and Law"},{"name":"the Gansu University of Political Science and Law Graduate Research Innovation Project in 2023","award":["2023029"],"award-info":[{"award-number":["2023029"]}]},{"name":"the Gansu Provincial University Scientific Research Innovation Platform Major Cultivation Project","award":["2024CXPT-22"],"award-info":[{"award-number":["2024CXPT-22"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"Abstract<\/jats:title>\n A botnet is a group of hijacked devices that conduct various cyberattacks, which is one of the most dangerous threats on the internet. Organizations or individuals use network traffic to mine botnet communication behavior features. Network traffic often contains individual users\u2019 private information, such as website passwords, personally identifiable information, and communication content. Among the existing botnet detection methods, whether they extract deterministic traffic interaction features, use DNS traffic, or methods based on raw traffic bytes, these methods focus on the detection performance of the detection model and ignore possible privacy leaks. And most methods are combined with machine learning and deep learning technologies, which require a large amount of training data to obtain high-precision detection models. Therefore, preventing malicious persons from stealing data to infer privacy during the botnet detection process has become an issue worth pondering. Based on this problem, this article proposes a privacy-enhanced framework with deep learning for botnet detection. The goal of this framework is to learn a feature extractor. It can hide the private information that the attack model tries to infer from the intermediate anonymity features, while maximally retaining the interactive behavior features contained in the original traffic for botnet detection. We design a privacy confrontation algorithm based on a mutual information calculation mechanism. This algorithm simulates the game between the attacker trying to infer private information through the attack model and the data processor retaining the original content of the traffic to the maximum extent. In order to further ensure the privacy protection of the feature extractor during the training process, we train the feature extractor in the federated learning training mode. We extensively evaluate our approach, validating it on two public datasets and comparing it with existing methods. The results show that our method can effectively ensure detection accuracy on the basis of removing private information. For the CTU-13 dataset, the detection framework achieves the best detection performance; for the ISCX-2014 dataset, the accuracy of the framework is less than 1% lower than the best effect.<\/jats:p>","DOI":"10.1186\/s42400-024-00307-8","type":"journal-article","created":{"date-parts":[[2025,1,18]],"date-time":"2025-01-18T02:03:04Z","timestamp":1737165784000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A privacy-enhanced framework with deep learning for botnet detection"],"prefix":"10.1186","volume":"8","author":[{"given":"Guangli","family":"Wu","sequence":"first","affiliation":[]},{"given":"Xingyue","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,18]]},"reference":[{"key":"307_CR1","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.640","volume":"7","author":"S Al-Mashhadi","year":"2021","unstructured":"Al-Mashhadi S, Anbar M, Hasbullah I et al (2021) Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic. PeerJ Comput Sci 7:e640","journal-title":"PeerJ Comput Sci"},{"key":"307_CR2","doi-asserted-by":"publisher","first-page":"1541","DOI":"10.1007\/s00521-015-2128-0","volume":"28","author":"K Alieyan","year":"2017","unstructured":"Alieyan K, Almomani A, Manasrah A et al (2017) A survey of botnet detection based on DNS. Neural Comput Appl 28:1541\u20131558","journal-title":"Neural Comput Appl"},{"issue":"4","key":"307_CR3","doi-asserted-by":"publisher","first-page":"545","DOI":"10.1080\/17517575.2019.1644673","volume":"15","author":"K Alieyan","year":"2021","unstructured":"Alieyan K, Almomani A, Anbar M et al (2021) DNS rule-based schema to botnet detection. Enterp Inf Syst 15(4):545\u2013564","journal-title":"Enterp Inf Syst"},{"key":"307_CR4","unstructured":"Antonakakis M, April T, Bailey M et\u00a0al (2017) Understanding the mirai botnet. In: 26th USENIX security symposium (USENIX Security 17), pp 1093\u20131110"},{"key":"307_CR5","doi-asserted-by":"crossref","unstructured":"Bansal A, Mahapatra S (2017) A comparative analysis of machine learning techniques for botnet detection. In: Proceedings of the 10th international conference on security of information and networks, pp 91\u201398","DOI":"10.1145\/3136825.3136874"},{"key":"307_CR6","doi-asserted-by":"crossref","unstructured":"Beigi EB, Jazi HH, Stakhanova N et\u00a0al (2014) Towards effective feature selection in machine learning-based botnet detection approaches. In: 2014 IEEE conference on communications and network security, IEEE, pp 247\u2013255","DOI":"10.1109\/CNS.2014.6997492"},{"key":"307_CR7","doi-asserted-by":"crossref","unstructured":"Feily M, Shahrestani A, Ramadass S (2009) A survey of botnet and botnet detection. In: 2009 3rd international conference on emerging security information. Systems and technologies, IEEE, pp 268\u2013273","DOI":"10.1109\/SECURWARE.2009.48"},{"issue":"7","key":"307_CR8","first-page":"95","volume":"42","author":"Q Futai","year":"2021","unstructured":"Futai Q, Yue T, Lin W et al (2021) Botnet detection based on generative adversarial networks. J Commun 42(7):95\u2013106","journal-title":"J Commun"},{"key":"307_CR9","doi-asserted-by":"crossref","unstructured":"Gao X, Han P, Liu C et\u00a0al (2021) Prfp: privacy-respecting and accurate device fingerprint identification. In: 2021 IEEE 6th international conference on data science in cyberspace (DSC), IEEE, pp 264\u2013271","DOI":"10.1109\/DSC53577.2021.00043"},{"key":"307_CR10","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1016\/j.cose.2014.05.011","volume":"45","author":"S Garcia","year":"2014","unstructured":"Garcia S, Grill M, Stiborek J et al (2014) An empirical comparison of botnet detection. Comput Secur Methods 45:100\u2013123","journal-title":"Comput Secur Methods"},{"key":"307_CR11","unstructured":"Hang H, Wei X, Faloutsos M et\u00a0al (2013) Entelecheia: detecting p2p botnets in their waiting stage. In: 2013 IFIP networking conference, IEEE, pp 1\u20139"},{"key":"307_CR12","unstructured":"Hjelm RD, Fedorov A, Lavoie-Marchildon S et\u00a0al (2018) Learning deep representations by mutual information estimation and maximization. arXiv preprint arXiv:1808.6670"},{"issue":"2","key":"307_CR13","first-page":"65","volume":"54","author":"L Honggang","year":"2022","unstructured":"Honggang L, Yunli Z, Nanxin G et al (2022) P2p botnet detection method based on graph neural network. Eng Sci Technol 54(2):65\u201372","journal-title":"Eng Sci Technol"},{"key":"307_CR14","doi-asserted-by":"crossref","unstructured":"Hu S, Liu X, Zhang Y et\u00a0al (2022) Protecting facial privacy: Generating adversarial identity masks via style-robust makeup transfer. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition, pp 15014\u201315023","DOI":"10.1109\/CVPR52688.2022.01459"},{"key":"307_CR15","doi-asserted-by":"publisher","first-page":"48753","DOI":"10.1109\/ACCESS.2021.3060778","volume":"9","author":"WNH Ibrahim","year":"2021","unstructured":"Ibrahim WNH, Anuar S, Selamat A et al (2021) Multilayer framework for botnet detection using machine learning algorithms. IEEE Access 9:48753\u201348768","journal-title":"IEEE Access"},{"key":"307_CR16","first-page":"7","volume":"7","author":"A Karasaridis","year":"2007","unstructured":"Karasaridis A, Rexroad B, Hoeflin DA et al (2007) Wide-scale botnet detection and characterization. HotBots 7:7\u20137","journal-title":"HotBots"},{"key":"307_CR17","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.compeleceng.2016.01.012","volume":"50","author":"G Kirubavathi","year":"2016","unstructured":"Kirubavathi G, Anitha R (2016) Botnet detection via mining of traffic flow characteristics. Comput Electr Eng 50:91\u2013101","journal-title":"Comput Electr Eng"},{"key":"307_CR18","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3183361","author":"PP Kundu","year":"2022","unstructured":"Kundu PP, Truong-Huu T, Chen L et al (2022) Detection and classification of botnet traffic using deep learning with model explanation. IEEE Trans Dependable Secur Comput. https:\/\/doi.org\/10.1109\/TDSC.2022.3183361","journal-title":"IEEE Trans Dependable Secur Comput"},{"key":"307_CR19","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.comnet.2015.12.008","volume":"97","author":"J Kwon","year":"2016","unstructured":"Kwon J, Lee J, Lee H et al (2016) Psybog: a scalable botnet detection method for large-scale DNS traffic. Comput Netw 97:48\u201373","journal-title":"Comput Netw"},{"key":"307_CR20","first-page":"4","volume-title":"Entropy and mutual information","author":"EG Learned-Miller","year":"2013","unstructured":"Learned-Miller EG (2013) Entropy and mutual information. Department of Computer Science, University of Massachusetts, Amherst, p 4"},{"issue":"6","key":"307_CR21","first-page":"418","volume":"11","author":"S Lee","year":"2020","unstructured":"Lee S, Abdullah A, Jhanjhi N (2020) A review on honeypot-based botnet detection models for smart factory. Int J Adv Comput Sci Appl 11(6):418\u2013435","journal-title":"Int J Adv Comput Sci Appl"},{"key":"307_CR22","doi-asserted-by":"crossref","unstructured":"Letteri I, Della\u00a0Penna G, Caianiello P (2019) Feature selection strategies for http botnet traffic detection. In: 2019 IEEE European symposium on security and privacy workshops (EuroS &PW), IEEE, pp 202\u2013210","DOI":"10.1109\/EuroSPW.2019.00029"},{"key":"307_CR23","unstructured":"Li A, Guo J, Yang H et\u00a0al (2019) Deepobfuscator: adversarial training framework for privacy-preserving image classification. arXiv preprint arXiv:1909.4126"},{"key":"307_CR24","doi-asserted-by":"crossref","unstructured":"Li A, Duan Y, Yang H et\u00a0al (2020) Tiprdc: task-independent privacy-respecting data crowdsourcing framework for deep learning with anonymized intermediate representations. In: Proceedings of the 26th ACM SIGKDD international conference on knowledge discovery & data mining, pp 824\u2013832","DOI":"10.1145\/3394486.3403125"},{"issue":"4","key":"307_CR25","first-page":"1","volume":"3","author":"S Liu","year":"2019","unstructured":"Liu S, Du J, Shrivastava A et al (2019) Privacy adversarial network: representation learning for mobile data privacy. Proc ACM Interact Mobile Wearable Ubiquitous Technol 3(4):1\u201318","journal-title":"Proc ACM Interact Mobile Wearable Ubiquitous Technol"},{"key":"307_CR26","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2023.100747","volume":"22","author":"WW Lo","year":"2023","unstructured":"Lo WW, Kulatilleke G, Sarhan M et al (2023) Xg-bot: an explainable deep graph neural network for botnet detection and forensics. Internet Things 22:100747","journal-title":"Internet Things"},{"issue":"3","key":"307_CR27","first-page":"264","volume":"17","author":"M Mahmoud","year":"2015","unstructured":"Mahmoud M, Nir M, Matrawy A et al (2015) A survey on botnet architectures, detection and defences. Int J Netw Secur 17(3):264\u2013281","journal-title":"Int J Netw Secur"},{"key":"307_CR28","doi-asserted-by":"publisher","first-page":"1668","DOI":"10.1016\/j.procs.2018.05.137","volume":"132","author":"L Mathur","year":"2018","unstructured":"Mathur L, Raheja M, Ahlawat P (2018) Botnet detection via mining of network traffic flow. Proc Comput Sci 132:1668\u20131677","journal-title":"Proc Comput Sci"},{"key":"307_CR29","unstructured":"McMahan B, Moore E, Ramage D et\u00a0al (2017) Communication-efficient learning of deep networks from decentralized data. In: Artificial intelligence and statistics, PMLR, pp 1273\u20131282"},{"key":"307_CR30","unstructured":"Nowozin S, Cseke B, Tomioka R (2016) f-gan: training generative neural samplers using variational divergence minimization. In: Advances in neural information processing systems, vol 29"},{"key":"307_CR31","doi-asserted-by":"crossref","unstructured":"Passerini E, Paleari R, Martignoni L et\u00a0al (2008) Fluxor: detecting and monitoring fast-flux service networks. In: Detection of intrusions and malware, and vulnerability assessment: 5th international conference, DIMVA 2008, Paris, France, July 10-11, 2008, Proceedings 5, Springer, pp 186\u2013206","DOI":"10.1007\/978-3-540-70542-0_10"},{"issue":"6","key":"307_CR32","doi-asserted-by":"publisher","DOI":"10.1002\/nem.2039","volume":"28","author":"A Pekta\u015f","year":"2018","unstructured":"Pekta\u015f A, Acarman T (2018) Botnet detection based on network flow summary and deep learning. Int J Netw Manag 28(6):e2039","journal-title":"Int J Netw Manag"},{"issue":"3","key":"307_CR33","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/s10922-022-09655-7","volume":"30","author":"M Shahhosseini","year":"2022","unstructured":"Shahhosseini M, Mashayekhi H, Rezvani M (2022) A deep learning approach for botnet detection using raw network traffic data. J Netw Syst Manag 30(3):44","journal-title":"J Netw Syst Manag"},{"issue":"5","key":"307_CR34","doi-asserted-by":"publisher","first-page":"866","DOI":"10.3390\/sym13050866","volume":"13","author":"K Shinan","year":"2021","unstructured":"Shinan K, Alsubhi K, Alzahrani A et al (2021) Machine learning-based botnet detection in software-defined network: a systematic review. Symmetry 13(5):866","journal-title":"Symmetry"},{"issue":"3","key":"307_CR35","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi A, Shiravi H, Tavallaee M et al (2012) Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur 31(3):357\u2013374","journal-title":"Comput Secur"},{"key":"307_CR36","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.cose.2019.05.019","volume":"86","author":"M Singh","year":"2019","unstructured":"Singh M, Singh M, Kaur S (2019) Issues and challenges in DNS based botnet detection: a survey. Comput Secur 86:28\u201352","journal-title":"Comput Secur"},{"issue":"4","key":"307_CR37","doi-asserted-by":"publisher","first-page":"37","DOI":"10.3390\/bdcc2040037","volume":"2","author":"S Taheri","year":"2018","unstructured":"Taheri S, Salem M, Yuan JS (2018) Leveraging image representation of network traffic data and transfer learning in botnet detection. Big Data Cognit Comput 2(4):37","journal-title":"Big Data Cognit Comput"},{"key":"307_CR38","doi-asserted-by":"crossref","unstructured":"van Roosmalen J, Vranken H, van Eekelen M (2018) Applying deep learning on packet flows for botnet detection. In: Proceedings of the 33rd annual ACM symposium on applied computing, pp 1629\u20131636","DOI":"10.1145\/3167132.3167306"},{"key":"307_CR39","doi-asserted-by":"crossref","unstructured":"Wang W, Zhu M, Zeng X et\u00a0al (2017) Malware traffic classification using convolutional neural network for representation learning. In: 2017 international conference on information networking (ICOIN), IEEE, pp 712\u2013717","DOI":"10.1109\/ICOIN.2017.7899588"},{"key":"307_CR40","doi-asserted-by":"crossref","unstructured":"Yang X, Guo Z, Mai Z (2022) Botnet detection based on machine learning. In: 2022 international conference on blockchain technology and information security (ICBCTIS), pp 213\u2013217. https:\/\/api.semanticscholar.org\/CorpusID:251521849","DOI":"10.1109\/ICBCTIS55569.2022.00056"},{"issue":"1","key":"307_CR41","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1109\/TCSS.2021.3092746","volume":"9","author":"P Zhang","year":"2021","unstructured":"Zhang P, Wang Y, Kumar N et al (2021) A security-and privacy-preserving approach based on data disturbance for collaborative edge computing in social IoT systems. IEEE Trans Comput Soc Syst 9(1):97\u2013108","journal-title":"IEEE Trans Comput Soc Syst"},{"key":"307_CR42","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1016\/j.cose.2013.04.007","volume":"39","author":"D Zhao","year":"2013","unstructured":"Zhao D, Traore I, Sayed B et al (2013) Botnet detection based on traffic behavior analysis and flow intervals. Comput Secur 39:2\u201316","journal-title":"Comput Secur"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00307-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00307-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00307-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,18]],"date-time":"2025-01-18T02:03:28Z","timestamp":1737165808000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00307-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,18]]},"references-count":42,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["307"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00307-8","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,18]]},"assertion":[{"value":"25 September 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 July 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 January 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"9"}}