Title: Automated generation of fuzzy rules from large-scale network traffic analysis in digital forensics investigations
Authors: Andrii Shalaginov, K. Franke
DOI: 10.1109/SOCPAR.2015.7492778 (https://doi.org/10.1109/SOCPAR.2015.7492778)
Published in: 2015 7th International Conference of Soft Computing and Pattern Recognition (SoCPaR), 2015-11-01
Citations: 12
Abstract
This paper describes an ongoing study and first results on the application of Neuro-Fuzzy (NF) methods to support large-scale forensic investigation in the domain of Network Forensics. In particular, we focus on patterns of benign and malicious activity that can be found in network traffic dumps. We propose several improvements to the NF algorithm that result in proper handling of large-scale datasets, significantly reduce the number of rules and yield a less complex classification model. This includes better automated extraction of rule parameters as well as bootstrap aggregation for generalization. Experimental results show that such optimization gives a smaller number of rules while accuracy increases in comparison to existing approaches. In particular, it showed an accuracy of 98% when using only 39 rules. In our research we contribute to forensic science by increasing awareness and producing more comprehensive fuzzy rules. During the last decade many cases related to network forensics have produced data that can be classed as Big Data due to its complexity. Application of Soft Computing methods such as Neuro-Fuzzy may bring not only sufficient classification accuracy for normal and attack traffic, but also facilitate understanding of traffic properties and the development of a decision-support mechanism.