
Network Forensic Analysis

Fundamentals of Network Forensics

Part of the book series: Computer Communications and Networks (CCN)


Abstract

Network forensic analysis is the activity investigators perform to reconstruct network activity over a period of time. It is commonly used to investigate individuals suspected of crimes and to reconstruct the chain of events of a network-based activity. Machine learning is one of the popular approaches used to analyze network events; it gives computers the ability to adapt and react according to the situation. These algorithms are used to build models and make predictions based on previous experience. Michalski et al. (Machine learning: an artificial intelligence approach. Springer Science & Business Media, Berlin, 2013) define it precisely as a computer program learning from experience E and increasing its performance P. Machine learning algorithms are widely used in data mining, pattern classification, medical fields, and intrusion detection for analyzing network traffic. They can be broadly classified into three categories: supervised, unsupervised, and semi-supervised. Supervised machine learning algorithms learn patterns from labeled input data sets; they build a classifier model from these inputs, and that model is then used to assign labels to unknown inputs. Algorithms such as naive Bayes, decision tree, SVM, and KNN fall into this category. Unsupervised algorithms are given an unlabeled data set for building the model, and the data is categorized so that items of the same class share similar properties while items of different classes have different properties. These algorithms are also called clustering techniques; examples are DBSCAN, one-class SVM, K-means, etc. Semi-supervised algorithms combine the features of both supervised and unsupervised algorithms and provide high performance for unlabeled data sets.
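The supervised/unsupervised split described in the abstract is easiest to see side by side on the same kind of input. The following is an added example, not code from the chapter or its authors: a k-NN classifier (supervised) trained on labeled per-host flow summaries, and a k-means clustering (unsupervised) of flows that carry no labels, both in plain Python with no external libraries. All flow records are constructed for illustration, and the feature choice (packets per second, mean packet size, distinct destination ports contacted) and the labels "normal"/"anomalous" are assumptions, not the book's.

```python
"""Supervised (k-NN) versus unsupervised (k-means) analysis of flow summaries.

Added example, not code from the chapter or its authors. Every flow record
below is constructed for illustration; the features (packets per second,
mean packet size in bytes, distinct destination ports) and the labels
"normal"/"anomalous" are assumptions, not the book's.
"""
import math
from collections import Counter

# Constructed labeled training set: ((packets_per_sec, mean_pkt_bytes, distinct_dst_ports), label)
LABELED_FLOWS = [
    ((12.0, 900.0, 2), "normal"),
    ((8.0, 1100.0, 1), "normal"),
    ((15.0, 750.0, 3), "normal"),
    ((10.0, 1000.0, 2), "normal"),
    ((400.0, 60.0, 180), "anomalous"),
    ((350.0, 64.0, 220), "anomalous"),
    ((500.0, 58.0, 150), "anomalous"),
]

# Constructed unlabeled flows, as an analyst has them before any labeling work
UNLABELED_FLOWS = [
    (11.0, 950.0, 2),
    (9.0, 1050.0, 1),
    (14.0, 800.0, 2),
    (420.0, 62.0, 200),
    (380.0, 59.0, 170),
]


class MinMaxScaler:
    """Scale each feature to [0, 1] using the ranges seen in the fitted data.

    Without this, the packets-per-second column (hundreds) would swamp the
    port-count column in any Euclidean distance.
    """

    def __init__(self, vectors):
        columns = list(zip(*vectors))
        self.lo = [min(c) for c in columns]
        self.hi = [max(c) for c in columns]

    def __call__(self, vector):
        return tuple(
            (x - lo) / (hi - lo) if hi > lo else 0.0
            for x, lo, hi in zip(vector, self.lo, self.hi)
        )


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_predict(labeled, query, k=3):
    """Supervised: label an unknown flow by majority vote of its k nearest labeled flows."""
    scaler = MinMaxScaler([v for v, _ in labeled])
    q = scaler(query)
    nearest = sorted(labeled, key=lambda item: euclid(scaler(item[0]), q))[:k]
    votes = Counter(label for _, label in nearest)
    return votes.most_common(1)[0][0]


def kmeans(vectors, k=2, max_iter=100):
    """Unsupervised: group unlabeled flows into k clusters by feature similarity.

    Returns the cluster index assigned to each input vector. Initial centroids
    are chosen by farthest-first traversal so the result is deterministic.
    """
    scaler = MinMaxScaler(vectors)
    points = [scaler(v) for v in vectors]

    centroids = [points[0]]
    while len(centroids) < k:
        # next centroid: the point farthest from its nearest existing centroid
        farthest = max(points, key=lambda p: min(euclid(p, c) for c in centroids))
        centroids.append(farthest)

    assignment = None
    for _ in range(max_iter):
        new_assignment = [
            min(range(k), key=lambda i: euclid(p, centroids[i])) for p in points
        ]
        if new_assignment == assignment:
            break  # converged: no point changed cluster
        assignment = new_assignment
        for i in range(k):
            members = [p for p, a in zip(points, assignment) if a == i]
            if members:  # recompute the centroid as the mean of its members
                centroids[i] = tuple(sum(col) / len(col) for col in zip(*members))
    return assignment


if __name__ == "__main__":
    for flow in [(13.0, 880.0, 2), (450.0, 61.0, 190)]:
        print(flow, "->", knn_predict(LABELED_FLOWS, flow))
    print("k-means clusters:", kmeans(UNLABELED_FLOWS, k=2))
```

The k-NN call needs the labeled set at prediction time and answers with one of the labels it was shown; k-means never sees a label and only reports which flows resemble each other, so naming the clusters is still the analyst's job. Min-max scaling is fitted on the training (or clustered) set only, and the farthest-first initialization avoids the run-to-run variation of random centroid seeding.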


References

  1. Michalski RS, Carbonell JG, Mitchell TM (2013) Machine learning: an artificial intelligence approach. Springer Science & Business Media, Berlin

  2. Tsai C-F, Hsu Y-F, Lin C-Y, Lin W-Y (2009) Intrusion detection by machine learning: a review. Expert Syst Appl 36:11994–12000

  3. Rish I (2001) An empirical study of the naive Bayes classifier. In: IJCAI 2001 workshop on empirical methods in artificial intelligence, Seattle, vol 3(22). IBM, New York, pp 41–46

  4. Mukherjee S, Sharma N (2012) Intrusion detection using naive Bayes classifier with feature reduction. Procedia Technol 4:119–128

  5. Amor NB, Salem B, Zied E (2004) Naive Bayes vs decision trees in intrusion detection systems. In: Proceedings of the 2004 ACM symposium on applied computing, Nicosia. ACM, pp 420–424

  6. Sharma N, Mukherjee S (2012) Layered approach for intrusion detection using naïve Bayes classifier. In: Proceedings of the international conference on advances in computing, communications and informatics, Chennai. ACM, pp 639–644

  7. Safavian SR, Landgrebe D (1990) A survey of decision tree classifier methodology. National Aeronautics and Space Administration, Washington, DC

  8. Abbes T, Bouhoula A, Rusinowitch M (2004) Protocol analysis in intrusion detection using decision tree. In: International conference on information technology: coding and computing, 2004. Proceedings. ITCC 2004, Las Vegas, pp 404–408

  9. Stein G, Chen B, Wu AS, Hua KA (2005) Decision tree classifier for network intrusion detection with GA-based feature selection. In: Proceedings of the 43rd annual Southeast regional conference, Kennesaw, vol 2, pp 136–141

  10. Farid DM, Harbi N, Bahri E, Rahman MZ, Rahman CM (2010) Attacks classification in adaptive intrusion detection using decision tree. World Acad Sci Eng Technol 63:86–90

  11. Adetunmbi AO, Falaki SO, Adewale OS, Alese BK (2008) Network intrusion detection based on rough set and k-nearest neighbour. Int J Comput ICT Res 2(1):60–66

  12. Fix E, Hodges JL (1951) Discriminatory analysis, nonparametric discrimination: consistency properties. Technical Report 4, USAF School of Aviation Medicine, Randolph Field, Texas

  13. Bay SD (1999) Nearest neighbor classification from multiple feature subsets. Intell Data Anal 3(3):191–209

  14. Hettich S, Bay SD (1999) The UCI KDD archive. University of California, Irvine. http://kdd.ics.uci.edu. Accessed 31 Mar 2016

  15. Liao Y, Vemuri VR (2002) Use of k-nearest neighbor classifier for intrusion detection. Comput Secur 21(5):439–448

  16. Tsai FC, Lin CY (2010) A triangle area based nearest neighbors approach to intrusion detection. Pattern Recognit 43(1):222–229

  17. Hautamäki V, Ismo K, Pasi F (2004) Outlier detection using k-nearest neighbour graph. In: ICPR (3), Cambridge, pp 430–433

  18. Sen N, Sen R, Chattopadhyay M (2014) An effective back propagation neural network architecture for the development of an efficient anomaly based intrusion detection system. In: International conference on computational intelligence and communication networks (CICN), 2014, Bhopal, pp 1052–1056

  19. Cortes C, Vapnik V (1995) Support-vector networks. Mach Learn 20:273–297

  20. Vapnik V (2013) The nature of statistical learning theory. Springer Science & Business Media, Berlin/New York

  21. Vapnik VN, Vapnik V (1998) Statistical learning theory, vol 1. Wiley, New York

  22. Vlasveld R (2013) Introduction to one-class support vector machines. http://rvlasveld.github.io/blog/2013/07/12/introduction-to-one-class-support-vector-machines/. Accessed 31 Mar 2016

  23. Mukkamala S, Janoski G, Sung A (2002) Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 international joint conference on neural networks, 2002 (IJCNN’02), Honolulu, pp 1702–1707

  24. Shon T, Kim Y, Lee C, Moon J (2005) A machine learning framework for network anomaly detection using SVM and GA. In: Proceedings from the sixth annual IEEE SMC information assurance workshop, 2005 (IAW’05), West Point, pp 176–183

  25. Sung AH, Mukkamala S (2003) Identifying important features for intrusion detection using support vector machines and neural networks. In: Symposium on applications and the internet, 2003, proceedings, Orlando, pp 209–216

  26. Vokorokos L, Balaz A, Chovanec M (2006) Intrusion detection system using self organizing map. Acta Electrotechnica et Informatica 6:1–6

  27. Jiang X, Liu K, Yan J, Chen W (2012) Application of improved SOM neural network in anomaly detection. Phys Procedia 33:1093–1099

  28. Agrawal R, Srikant R (1994) Fast algorithms for mining association rules. In: Proceedings of 20th international conference on very large data bases, VLDB, Chile, pp 487–499

  29. Wu X, Kumar V, Quinlan JR, Ghosh J, Yang Q, Motoda H et al (2008) Top 10 algorithms in data mining. Knowl Inf Syst 14:1–37

  30. Hanguang L, Yu N (2012) Intrusion detection technology research based on apriori algorithm. Phys Procedia 24:1615–1620

  31. Münz G, Li S, Carle G (2007) Traffic anomaly detection using k-means clustering. In: GI/ITG Workshop MMBnet, Hamburg

  32. Muda Z, Yassin W, Sulaiman MN, Udzir NI (2011) Intrusion detection based on K-Means clustering and Naïve Bayes classification. In: 7th international conference on information technology in Asia (CITA 11), Sarawak. IEEE, pp 1–6

  33. Benaicha ES, Saoudi L, Guermeche B, Lounis O (2014) Intrusion detection system using genetic algorithm. In: Science and information conference (SAI), 2014, London. IEEE, pp 564–568

  34. Li W (2004) Using genetic algorithm for network intrusion detection. In: Proceedings of the United States Department of Energy Cyber Security Group, Baltimore, pp 1–8

  35. Sinclair C, Pierce L, Matzner S (1991) An application of machine learning to network intrusion detection. In: 15th Annual Computer Security Applications Conference (ACSAC ’99), pp 371–377

  36. Ester M, Kriegel H-P, Sander J, Xu X (1996) A density-based algorithm for discovering clusters in large spatial databases with noise. In: KDD, Portland, pp 226–231


© 2016 Springer-Verlag London


Cite this chapter

Joshi, R.C., Pilli, E.S. (2016). Network Forensic Analysis. In: Fundamentals of Network Forensics. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-7299-4_6


  • DOI: https://doi.org/10.1007/978-1-4471-7299-4_6

  • Publisher: Springer, London

  • Print ISBN: 978-1-4471-7297-0

  • Online ISBN: 978-1-4471-7299-4
