Machine Learning Based Network Traffic Forensics for Cyber Crime Investigation

Abstract

The growing reliance on internet-based technologies, cloud infrastructures, and interconnected digital systems has resulted in a significant rise in the incidents of cyber crimes and sophistication of the attack. Many modern cyber threats such as distributed denial-of-service (DDoS) attacks, dissemination of malware, and unauthorized access, as well as the large-scale data breaches, take place through network communication channels. These activities create a large volumes of network traffic that can be used as important digital evidence during cybercrime investigations. Network traffic forensics concentrates on analyzing such traffic to gain understanding of the attack behavior and help reconstruct security incidents so as to support the analysis of investigative nature. However, traditional forensic methods based on manual inspection or predefined rules are often not able to handle the volume and complexity of traffic generated on modern high speed networks.