Machine Learning Based Network Traffic Forensics for Cyber Crime Investigation
Authors
Associate Professor, Department of Computer Science and Engineering, Sarala Birla University, Ranchi (India)
Department of Computer Science and Engineering, Sarala Birla University, Ranchi (India)
Department of Computer Science and Engineering, Sarala Birla University, Ranchi (India)
Department of Computer Science and Engineering, Sarala Birla University, Ranchi (India)
Article Information
DOI: 10.51584/IJRIAS.2026.110400063
Subject Category: Social science
Volume/Issue: 11/4 | Page No: 965-979
Publication Timeline
Submitted: 2026-04-11
Accepted: 2026-04-16
Published: 2026-05-04
Abstract
The growing reliance on internet-based technologies, cloud infrastructures, and interconnected digital systems has resulted in a significant rise in both the number and the sophistication of cyber crime incidents. Many modern cyber threats, such as distributed denial-of-service (DDoS) attacks, malware dissemination, unauthorized access, and large-scale data breaches, take place over network communication channels. These activities generate large volumes of network traffic that can serve as important digital evidence during cybercrime investigations. Network traffic forensics concentrates on analyzing such traffic to understand attacker behavior and to reconstruct security incidents in support of investigative analysis. However, traditional forensic methods based on manual inspection or predefined rules are often unable to handle the volume and complexity of the traffic generated on modern high-speed networks.
Keywords
Network Forensics, Machine Learning, Cyber Crime Investigation, UNSW-NB15 Dataset, Intrusion Detection System