Abstract
Network forensics aids in the identification of distinct network-based attacks through packet-level analysis of collected network traffic. It also unveils the attacker's intentions and operations. After identification, it is essential to design an efficient network attack detection model. Therefore, this work modifies the generic network forensic framework for attack investigation with two primary objectives: analysis and detection of attacks. In the proposed framework, a three-level analysis is performed. First, packet-level analysis is performed to study the attack behavior. Second, a graphical analysis is completed to determine both the attack flow and whether a node is an attacker or a victim; it also assigns a score to the node indicating the severity of the attack. Finally, forensics exploratory data analysis (FEDA) is performed to distinguish the distribution of different features during attack and normal scenarios. For attack detection, the framework uses a one-dimensional convolutional neural network (CNN-1D). The CSE-CIC-IDS2018 (CIC2018), UNSW-NB15 and CIC-Darknet2020 datasets are used to test the performance of the proposed framework, where it classifies distinct classes of attacks with an accuracy of 99.4%, 99.0%, and 90% on each dataset respectively. The results show that the proposed framework is more effective than previous works in attack detection and network traffic classification.
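The second analysis level above (attack-flow graph, attacker/victim role, per-node severity score) as an added illustration; this is not the paper's code, the flow records are constructed, and the severity weights and the role rule (a node that originates any attack flow is an attacker, otherwise a receiver of attack flows is a victim) are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample flow records (not drawn from the paper's datasets):
# (src, dst, label), where label is the packet-level verdict for the flow.
FLOWS = [
    ("10.0.0.5", "10.0.0.20", "DoS"),
    ("10.0.0.5", "10.0.0.21", "DoS"),
    ("10.0.0.5", "10.0.0.22", "PortScan"),
    ("10.0.0.9", "10.0.0.20", "Benign"),
    ("10.0.0.20", "10.0.0.9", "Benign"),
    ("10.0.0.7", "10.0.0.20", "BruteForce"),
]

# Hypothetical severity weight per attack class (assumed, not the paper's).
SEVERITY = {"Benign": 0, "PortScan": 1, "BruteForce": 2, "DoS": 3}


def build_attack_graph(flows):
    """Directed attack-flow graph: src -> list of (dst, label), benign flows dropped."""
    graph = defaultdict(list)
    for src, dst, label in flows:
        if label != "Benign":
            graph[src].append((dst, label))
    return graph


def score_nodes(flows):
    """Return {node: (role, score)}.

    role is 'attacker' if the node originates any attack flow, else 'victim'
    if it receives any, else 'normal'. score sums the severity weights of the
    attack flows the node sends (attacker) or receives (victim)."""
    sent = defaultdict(int)
    received = defaultdict(int)
    nodes = set()
    for src, dst, label in flows:
        nodes.update((src, dst))
        weight = SEVERITY.get(label, 1)  # unknown classes count as low severity
        if weight:
            sent[src] += weight
            received[dst] += weight
    result = {}
    for node in sorted(nodes):
        if sent[node]:
            result[node] = ("attacker", sent[node])
        elif received[node]:
            result[node] = ("victim", received[node])
        else:
            result[node] = ("normal", 0)
    return result
```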