network forensics
Recently Published Documents


Total documents: 254 (five years: 46)

H-index: 17 (five years: 3)

Author(s):  
Connor McGee ◽  
Jing Guo ◽  
Zhaohong Wang

2021 ◽  
Author(s):  
Amarnath Mishra ◽  
Chintan Singh ◽  
Ayushi Dwivedi ◽  
Debabrata Singh ◽  
Anil Kumar Biswal

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Sirajuddin Qureshi ◽  
Jianqiang Li ◽  
Faheem Akhtar ◽  
Saima Tunio ◽  
Zahid Hussain Khand ◽  
...  

Network forensics is an extension of network security design, which typically emphasizes the prevention and detection of network attacks. It covers the need for dedicated investigative capabilities: within that design, it allows malicious behavior in networks to be investigated. It helps organizations investigate external and internal causes of network security attacks. It is also important for law enforcement investigations. Network forensic techniques can be used to identify the source of the intrusion and the intruder's location. Many cybercrime cases can be resolved using the methods of network forensics. These methods can extract the intruder's information, the nature of the intrusion, and how it can be prevented in the future. These techniques can also be used to avoid attacks in the near future. Modern network forensic techniques face several challenges that must be resolved to improve the forensic methods. Some of the key challenges include high storage speed, the requirement of ample storage space, data integrity, data privacy, access to IP addresses, and the location of data extraction. These challenges are described in detail together with potential solutions. In general, network forensic tools and techniques cannot be improved without addressing these challenges. This paper proposed a thematic taxonomy of classifications of network forensic techniques based on extensive. The classification has been carried out based on the target datasets and implementation techniques used while performing forensic investigations. For this purpose, qualitative methods have been used to develop the thematic taxonomy. The distinct objectives of this study include accessibility to the network infrastructure and artifacts, and collection of evidence against the intruder using network forensic techniques to communicate the information related to network attacks with minimum false-negative results.


TEM Journal ◽  
2021 ◽  
pp. 1209-1219
Author(s):  
Nur Widiyasono ◽  
Ida Ayu Dwi Giriantari ◽  
Made Sudarma ◽  
L Linawati

The potential for cyber-attacks against Internet of Things (IoT) infrastructure is enormous because devices run on pre-existing network infrastructure; the Mirai malware attack is one example. Network forensics investigations require the Random Forest (RF) algorithm, which is used to perform classification and detection of the Mirai malware attack. The trials have been carried out using 5 attack scenarios and device types. The experimental results show that the RF algorithm achieves optimal performance, with an average accuracy of 95.01%, recall of 90.82%, F1 score of 93.85% and a best precision value of 99.23%. In addition, the Random Forest algorithm is suitable for very large data processing. The contribution of this research is a recommendation that the RF algorithm can be used to classify and identify Mirai malware attacks on Internet of Things infrastructure.


2021 ◽  
Vol 2 (2) ◽  
pp. 01-09
Author(s):  
G. George ◽  
C. Uppin

Currently, the use of internet-connected applications for storage by different organizations has rapidly increased with the vast need to store data. Cybercrimes are also increasing and have affected large organizations and whole countries holding highly sensitive information, such as the United States of America, the United Kingdom and Nigeria. Organizations generate a lot of information with the help of digitalization, and this highly classified information is now stored in databases via computer networks, which allows for attacks by cybercriminals and state-sponsored agents. As a result, these organizations and countries spend more resources analyzing cybercrimes than preventing and detecting them. Network forensics plays an important role in investigating cybercrimes because most cybercrimes are committed via computer networks. This paper proposes a new approach to analyzing digital evidence in Nigeria using a proactive method of forensics with the help of a deep learning algorithm, Convolutional Neural Networks (CNN), to proactively classify malicious packets from genuine packets and log them as they occur.


Author(s):  
Fahad M Ghabban ◽  
Ibrahim M Alfadli ◽  
Omair Ameerbakhsh ◽  
Amer Nizar AbuAli ◽  
Arafat Al-Dhaqm ◽  
...  

Author(s):  
Ridho Surya Kusuma ◽  
Rusydi Umar ◽  
Imam Riadi

This study aims to reconstruct an attack event and analyze the source of the virus infection based on network traffic logs, so that the information obtained can be used as a new reference in the security system. Recent attacks on computer network systems cannot be easily detected, as cybercriminals have used a variant of the Ryuk ransomware virus to penetrate security systems and encrypt drives and computer network resources. This virus is very destructive and has an effective design, with a file size of about 200,487 bytes, so it does not look suspicious. The research steps follow Trigger, Acquire, Analysis, Report, and Action (TAARA). The forensic tools used to obtain log data are Wireshark, NetworkMiner, and TCPDUMP. The forensic data obtained include a timestamp, source of the attack, IP address, MAC address, SHA-256 hash signature, internet protocol, and the process of infection. The data obtained in this study are in line with the expected objectives.

