A Novel Network Forensic Framework for Advanced Persistent Threat Attack Attribution Through Deep Learning

Bibliographic Details
Published in: IEEE Transactions on Intelligent Transportation Systems, Vol. 25, No. 9, pp. 12131-12140
Main Authors: Mei, Yangyang; Han, Weihong; Li, Shudong; Lin, Kaihan; Tian, Zhihong; Li, Shumei
Format: Journal Article
Language: English
Published: IEEE, 01.09.2024
Summary: The Internet now plays a pivotal role in the social and economic landscape, providing individuals and businesses with access to essential daily services and tasks. However, it has also become a breeding ground for conflicts. Advanced Persistent Threats (APTs) pose a formidable challenge when directed at organizations and governments, exposing the entire network to substantial security risks. Employing network forensics for attributing cyber-attacks and acquiring timely, credible forensic results is a fundamental challenge in maintaining cyber security. This paper introduces a Deep Learning-based network forensics framework for digitally identifying and tracking network attacks, providing a comprehensive overview of the network forensics process. Specifically, we extract network traffic and employ encryption to ensure the integrity and security of data. Subsequently, we apply feature filtering techniques to retain essential traceability information, and Deep Learning model parameters are automatically optimized using hyperparameter optimization techniques. Lastly, we develop a Multi-Layer Perceptual Deep Neural Network (MLP DNN) model with perceptual capabilities for detecting anomalous events within the network. We evaluated the framework's effectiveness using the UNSW-NB15 dataset. The experiments demonstrate that the proposed framework is applicable to APT attack forensics scenarios. In comparison to other AI methods, our framework excels in discovering and tracking network attack events with high performance.
ISSN: 1524-9050 (print), 1558-0016 (electronic)
DOI: 10.1109/TITS.2024.3360260