Article

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

Syed Rizvi; Mark Scanlon; Jimmy McGibney; John Sheppard

October 2022 IEEE Access

Contribution Summary

This paper presents a comprehensive survey of the application of artificial intelligence (AI) to network forensics, covering expert systems, machine learning, deep learning, and ensemble/hybrid approaches. The study discusses the current challenges and future directions in network forensics across application areas including network traffic analysis, intrusion detection systems, and Internet-of-Things devices. The paper provides an overview of the state of the art in network forensics and of AI applications in further domains, including vehicular networks and smart grids. It also highlights why AI matters for network forensics: its ability to improve the accuracy of network forensic classification and to assist investigators in the analysis of network traffic. The paper is organized around three primary sections: a discussion of publicly available datasets for network forensics, an overview of the state of the art in AI applications to network forensics, and a summary of the current challenges and future directions in network forensics.

Keywords: Network forensics; Artificial intelligence; Cybersecurity; Digital forensics; Machine learning; Deep learning; Ensemble learning; Hybrid learning

Abstract

Network forensics focuses on the identification and investigation of internal and external network attacks, the reverse engineering of network protocols, and the uninstrumented investigation of networked devices. It lies at the intersection of digital forensics, incident response and network security. Network attacks exploit software and hardware vulnerabilities and communication protocols. The scope of a network forensic investigation can range from Internet-wide down to a single device's network traffic. Network analysis tools (NATs) aid security professionals and law enforcement in the capturing, identification and analysis of network traffic. However, in most instances, the sheer volume of data to be analyzed is enormous and, despite some built-in NAT automation, the investigation of network traffic is often an arduous process. Furthermore, significant expert time remains wasted in the investigation of a high frequency of false positive alerting from automated systems. To address this globally impacting problem, artificial intelligence-based approaches are becoming increasingly employed to automatically detect attacks and increase network traffic classification accuracy. This paper provides a comprehensive survey of the state of the art in network forensics and the application of expert systems, machine learning, deep learning, and ensemble/hybrid approaches to a range of application areas in the field. These include network traffic analysis, intrusion detection systems, Internet-of-Things devices, cloud forensics, DNS tunneling, smart grid forensics, and vehicle forensics. In addition, the current challenges and future research directions for each of the aforementioned application areas are discussed.

BibTeX

@article{rizvi2022AIforNetworkForensics,
	author={Rizvi, Syed and Scanlon, Mark and McGibney, Jimmy and Sheppard, John},
	title="{Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions}",
	journal="{IEEE Access}",
	year=2022,
	month=10,
	volume=10,
	abstract={Network forensics focuses on the identification and investigation of internal and external network attacks, the reverse engineering of network protocols, and the uninstrumented investigation of networked devices. It lies at the intersection of digital forensics, incident response and network security. Network attacks exploit software and hardware vulnerabilities and communication protocols. The scope of a network forensic investigation can range from Internet-wide down to a single device’s network traffic. Network analysis tools (NATs) aid security professionals and law enforcement in the capturing, identification and analysis of network traffic. However, in most instances, the sheer volume of data to be analyzed is enormous and, despite some built-in NAT automation, the investigation of network traffic is often an arduous process. Furthermore, significant expert time remains wasted in the investigation of a high frequency of false positive alerting from automated systems. To address this globally impacting problem, artificial intelligence based approaches are becoming increasingly employed to automatically detect attacks and increase network traffic classification accuracy. This paper provides a comprehensive survey of the state-of-the-art in network forensics and the application of expert systems, machine learning, deep learning, and ensemble/hybrid approaches to a range of application areas in the field. These include network traffic analysis, intrusion detection systems, Internet-of-Things devices, cloud forensics, DNS tunneling, smart grid forensics, and vehicle forensics. In addition, the current challenges and future research directions for each of the aforementioned application areas is discussed.},
	doi={10.1109/ACCESS.2022.3214506},
}