An Identity and Interaction Based Network Forensic Analysis
- URL: http://arxiv.org/abs/2503.18542v1
- Date: Mon, 24 Mar 2025 10:52:23 GMT
- Title: An Identity and Interaction Based Network Forensic Analysis
- Authors: Nathan Clarke, Gaseb Alotibi, Dany Joy, Fudong Li, Steven Furnell, Ali Alshumrani, Hussan Mohammed,
- Abstract summary: This paper presents experiments designed to create a novel NFAT approach that can identify users and understand how they are using network based applications.<n>The experiments profiled across 27 users, has yielded an average 93.3% True Positive Identification Rate (TPIR)<n>Skype, Wikipedia and Hotmail services achieved a notably high level of recognition performance.
- Score: 0.7957417670045067
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In todays landscape of increasing electronic crime, network forensics plays a pivotal role in digital investigations. It aids in understanding which systems to analyse and as a supplement to support evidence found through more traditional computer based investigations. However, the nature and functionality of the existing Network Forensic Analysis Tools (NFATs) fall short compared to File System Forensic Analysis Tools (FS FATs) in providing usable data. The analysis tends to focus upon IP addresses, which are not synonymous with user identities, a point of significant interest to investigators. This paper presents several experiments designed to create a novel NFAT approach that can identify users and understand how they are using network based applications whilst the traffic remains encrypted. The experiments build upon the prior art and investigate how effective this approach is in classifying users and their actions. Utilising an in-house dataset composed of 50 million packers, the experiments are formed of three incremental developments that assist in improving performance. Building upon the successful experiments, a proposed NFAT interface is presented to illustrate the ease at which investigators would be able to ask relevant questions of user interactions. The experiments profiled across 27 users, has yielded an average 93.3% True Positive Identification Rate (TPIR), with 41% of users experiencing 100% TPIR. Skype, Wikipedia and Hotmail services achieved a notably high level of recognition performance. The study has developed and evaluated an approach to analyse encrypted network traffic more effectively through the modelling of network traffic and to subsequently visualise these interactions through a novel network forensic analysis tool.
Related papers
- Forensic Data Analytics for Anomaly Detection in Evolving Networks [13.845204373507016]
Many cybercrimes and attacks have been launched in evolving networks to perform malicious activities.
This chapter presents a digital analytics framework for network anomaly detection.
Experiments on real-world evolving network data show the effectiveness of the proposed forensic data analytics solution.
arXiv Detail & Related papers (2023-08-17T20:09:33Z) - Visual Analytics of Multivariate Networks with Representation Learning and Composite Variable Construction [19.265502727154473]
This paper presents a visual analytics workflow for studying multivariate networks.
It consists of a neural-network-based learning phase to classify the data, a dimensionality reduction and optimization phase, and an interpreting phase conducted by the user.
A key part of our design is a composite variable construction step that remodels nonlinear features obtained by neural networks into linear features that are intuitive to interpret.
arXiv Detail & Related papers (2023-03-16T18:31:18Z) - Forensicability Assessment of Questioned Images in Recapturing Detection [78.45849869266834]
We propose a forensicability assessment network to quantify the forensicability of the questioned samples.
The low-forensicability samples are rejected before the actual recapturing detection process to improve the efficiency of recapturing systems.
We integrate the trained FANet with practical recapturing detection schemes in face anti-spoofing and recaptured document detection tasks.
arXiv Detail & Related papers (2022-09-05T12:26:01Z) - A Unified Comparison of User Modeling Techniques for Predicting Data
Interaction and Detecting Exploration Bias [17.518601254380275]
We compare and rank eight user modeling algorithms based on their performance on a diverse set of four user study datasets.
Based on our findings, we highlight open challenges and new directions for analyzing user interactions and visualization provenance.
arXiv Detail & Related papers (2022-08-09T19:51:10Z) - Distributed intelligence on the Edge-to-Cloud Continuum: A systematic
literature review [62.997667081978825]
This review aims at providing a comprehensive vision of the main state-of-the-art libraries and frameworks for machine learning and data analytics available today.
The main simulation, emulation, deployment systems, and testbeds for experimental research on the Edge-to-Cloud Continuum available today are also surveyed.
arXiv Detail & Related papers (2022-04-29T08:06:05Z) - Finding Facial Forgery Artifacts with Parts-Based Detectors [73.08584805913813]
We design a series of forgery detection systems that each focus on one individual part of the face.
We use these detectors to perform detailed empirical analysis on the FaceForensics++, Celeb-DF, and Facebook Deepfake Detection Challenge datasets.
arXiv Detail & Related papers (2021-09-21T16:18:45Z) - Towards Unbiased Visual Emotion Recognition via Causal Intervention [63.74095927462]
We propose a novel Emotion Recognition Network (IERN) to alleviate the negative effects brought by the dataset bias.
A series of designed tests validate the effectiveness of IERN, and experiments on three emotion benchmarks demonstrate that IERN outperforms other state-of-the-art approaches.
arXiv Detail & Related papers (2021-07-26T10:40:59Z) - Supervised Feature Selection Techniques in Network Intrusion Detection:
a Critical Review [9.177695323629896]
Machine Learning techniques are becoming an invaluable support for network intrusion detection.
Dealing with the vast diversity and number of features that typically characterize data traffic is a hard problem.
By reducing the feature space and retaining only the most significant features, Feature Selection (FS) becomes a crucial pre-processing step in network management.
arXiv Detail & Related papers (2021-04-11T08:42:01Z) - NAS-Navigator: Visual Steering for Explainable One-Shot Deep Neural
Network Synthesis [53.106414896248246]
We present a framework that allows analysts to effectively build the solution sub-graph space and guide the network search by injecting their domain knowledge.
Applying this technique in an iterative manner allows analysts to converge to the best performing neural network architecture for a given application.
arXiv Detail & Related papers (2020-09-28T01:48:45Z) - Survey of Network Intrusion Detection Methods from the Perspective of
the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods.
As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
arXiv Detail & Related papers (2020-01-27T11:21:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.