Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

Rizvi, Syed S.H.; Scanlon, Mark; McGibney, Jimmy; Sheppard, John

doi:10.1109/access.2022.3214506

Cited by 26 publications

(14 citation statements)

References 149 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Rizvi introduced a deep learning approach for intrusion detection in resource-constrained environments, achieving high accuracy (Rizvi et al, 2023). Panigrahi provided a comprehensive assessment of supervised classifiers for designing NIDS, identifying the J48 Consolidated classifier as ideal (Panigrahi et al, 2021).…”

Section: Related Workmentioning

confidence: 99%

Network intrusion detection system by learning jointly from tabular and text‐based features

Düzgün,

Çayır,

Ünal

et al. 2023

Expert Systems

View full text Add to dashboard Cite

Network intrusion detection systems (NIDS) play a critical role in maintaining the security and integrity of computer networks. These systems are designed to detect and respond to anomalous activities that may indicate malicious intent or unauthorized access. The need for robust NIDS solutions has never been more pressing in today's digital landscape, characterized by constantly evolving cyber threats. Deploying effective NIDS can be challenging, particularly in accurately identifying network anomalies amid the ever‐increasing sophisticated and difficult‐to‐detect cyber threats. The motivation for our research stems from the recognition that while NIDS studies have made significant strides, there remains a crucial need for more effective and accurate methods to detect network anomalies. Commonly used features in NIDS studies include network logs, with some studies exploring text‐based features such as payload. However, traditional machine and deep learning models may need to be improved in learning jointly from tabular and text‐based features. Here, we present a new approach that integrates both tabular and text‐based features to improve the performance of NIDS. Our research aims to address the existing limitations of NIDS and contribute to the development of more reliable and efficient network security solutions by introducing more effective and accurate methods for detecting network anomalies. Our internal experiments have revealed that the deep learning approach utilizing tabular features produces favourable results, whereas the pre‐trained transformer approach needs to perform sufficiently. Hence, our proposed approach, which integrates both feature types using deep learning and pre‐trained transformer approaches, achieves superior performance. These findings indicate that integrating both feature types using deep learning and pre‐trained transformer approaches can significantly improve the accuracy of network anomaly detection. Moreover, our proposed approach outperforms the state‐of‐the‐art methods in terms of accuracy, F1‐score, and recall on commonly used NIDS datasets consisting of ISCX‐IDS2012, UNSW‐NB15, and CIC‐IDS2017, with F1‐scores of 99.80%, 92.37%, and 99.69%, respectively, indicating its effectiveness in detecting network anomalies.

show abstract

Section: Related Workmentioning

confidence: 99%

Network intrusion detection system by learning jointly from tabular and text‐based features

Düzgün,

Çayır,

Ünal

et al. 2023

Expert Systems

View full text Add to dashboard Cite

show abstract

“…Intrusion detection is critical for high-density communications systems because the large number of devices and users makes it easier for malicious actors to gain access and take advantage of weak points in the system [12]. The challenge of intrusion detection in high-density communications systems can be addressed with the use of big data analytics and machine learning algorithms [13]. In addition to the use of big data analytics and machine learning algorithms, the security of high-density communications systems can be further strengthened with the use of encryption and authentication methods.…”

Section: Related Workmentioning

confidence: 99%

An Innovative Intrusion Detection System for High-Density Communication Networks Using Artificial Intelligence

Sirisha,

Stephen,

Suganya

et al. 2023

RAiSE-2023

View full text Add to dashboard Cite

show abstract

“…Dilated CNNs were recently used by Rizvi et al for an intrusion detection system [52]. Numerous successive dilated CNN layers without including any max-pooling layer are applied along with some feature engineering in the proposed model.…”

Section: Related Workmentioning

confidence: 99%

MC-MLDCNN: Multichannel Multilayer Dilated Convolutional Neural Networks for Web Attack Detection

Moarref,

Sandıkkaya

2023

Security and Communication Networks

View full text Add to dashboard Cite

The explosive growth of web-based technology has led to an increase in sophisticated and complex attacks that target web applications. To protect against this growing threat, a reliable web attack detection methodology is essential. This research aims to provide a method that can detect web attacks accurately. A character-level multichannel multilayer dilated convolutional neural network (MC-MLDCNN) is proposed to identify web attacks accurately. The model receives the full text of HTTP requests as inputs. Character-level embedding is applied to embed HTTP requests to the model. Therefore, feature extraction is carried out automatically by the model, and no additional effort is required. This approach significantly simplifies the preprocessing phase. The methodology consists of multichannel dilated convolutional neural network blocks with various kernel sizes. Each channel involves several layers with exponentially increasing dilation sizes. Through the integration of multichannel and multilayer dilated convolutional neural networks, the model can efficiently capture the temporal relation and dependence of character granularity of HTTP requests at different scales and levels. As a result, the structure enables the model to easily capture dependencies over extended and long sequences of HTTP requests and consequently identify attacks accurately. The outcomes of the experiments carried out on the CSIC 2010 dataset show that the proposed model outperforms several state-of-the-art deep learning-based models in the literature and some traditional deep learning models by identifying web attacks with a precision score of 99.65%, a recall score of 98.80%, an F1 score of 99.22%, and an accuracy score of 99.36%. A useful web attack detection system must be able to balance accurate attack identification with minimizing false positives (identifying normal requests as attacks). The success of the model in recognizing normal requests is further evaluated to guarantee increased security without sacrificing web applications’ usability and availability.

show abstract

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

Cited by 26 publications

References 149 publications

Network intrusion detection system by learning jointly from tabular and text‐based features

Network intrusion detection system by learning jointly from tabular and text‐based features

An Innovative Intrusion Detection System for High-Density Communication Networks Using Artificial Intelligence

MC-MLDCNN: Multichannel Multilayer Dilated Convolutional Neural Networks for Web Attack Detection

Contact Info

Product

Resources

About