A Novel Network Forensic Framework for Advanced Persistent Threat Attack Attribution Through Deep Learning
The Internet now plays a pivotal role in the social and economic landscape, providing individuals and businesses with access to essential daily services and tasks. However, it has also become a breeding ground for conflicts. Advanced Persistent Threats (APTs) pose a formidable challenge when directed at organizations and governments, exposing the entire network to substantial security risks. Employing network forensics for attributing cyber-attacks and acquiring timely, credible forensic results is a fundamental challenge in maintaining cyber security. This paper introduces a Deep Learning-based network forensics framework for digitally identifying and tracking network attacks, providing a comprehensive overview of the network forensics process. Specifically, the authors extract network traffic and employ encryption to ensure the integrity and security of data. Subsequently, the authors apply feature filtering techniques to retain essential traceability information, and Deep Learning model parameters are automatically optimized using hyperparameter optimization techniques. Lastly, the authors develop a Multi-Layer Perceptual Deep Neural Network (MLP DNN) model with perceptual capabilities for detecting anomalous events within the network. The authors evaluated the framework’s effectiveness using the UNSW-NB15 dataset. The experiments demonstrate that the proposed framework is applicable to APT attack forensics scenarios. In comparison to other AI methods, the framework excels in discovering and tracking network attack events with high performance.
Availability:
- Find a library where document is available. Order URL: http://worldcat.org/oclc/41297384
Supplemental Notes:
- Copyright © 2024, IEEE.
Authors:
- Mei, Y
- Han, W
- Lin, K
- Tian, Z
- Li, S
- Publication Date: 2024-9
Language
- English
Media Info
- Media Type: Web
- Features: References;
- Pagination: pp 12131-12140
Serial:
- IEEE Transactions on Intelligent Transportation Systems
- Volume: 25
- Issue Number: 9
- Publisher: Institute of Electrical and Electronics Engineers (IEEE)
- ISSN: 1524-9050
- Serial URL: http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6979
Subject/Index Terms
- TRT Terms: Computer networks; Computer security; Data protection; Internet; Machine learning
- Subject Areas: Data and Information Technology; Security and Emergencies; Transportation (General);
Filing Info
- Accession Number: 01938844
- Record Type: Publication
- Files: TRIS
- Created Date: Dec 6 2024 9:19AM