Network Forensics Analysis of Cyber Attacks Carried Out Over Wireless Networks Using Machine Learning Methods

İmran Kaçan; Batuhan Gül; Fatih Ertam

doi:10.35377/saucis...1462721

Research Article

Network Forensics Analysis of Cyber Attacks Carried Out Over Wireless Networks Using Machine Learning Methods

Year 2024, Volume: 7 Issue: 2, 203 - 216, 31.08.2024

İmran Kaçan , Batuhan Gül , Fatih Ertam

https://doi.org/10.35377/saucis...1462721

Abstract

As technology advances, the frequency of attacks targeting technological devices has surged. This rise in cyber threats poses a constant risk to the devices we rely on. Any device connected to a network becomes vulnerable to exploitation by attackers. Given the extensive interconnectedness of devices in network environments, this research endeavors to address this pressing issue. The aim of this study is to analyze and classify network traffic generated during potential cyber attacks using various classification algorithms. By subjecting a simulated environment to different cyber attack scenarios, we extract the distinctive features of network packets generated during these attacks. Subsequently, we employ widely used classification algorithms to train and analyze the obtained data. For the comparison of models, more than 7000 attack data instances were employed. At the conclusion of the comparison, the Gradient Boosting algorithm achieved the highest accuracy value, reaching 91%, whereas the Naive Bayes algorithm obtained the lowest accuracy, reaching 74%.

Keywords

Network forensics, Cyber security, Machine learning

Supporting Institution

Fırat University

Project Number

Our study is supported by Fırat University Scientific Research Projects Coordination Unit with project number TEKF.23.12.

Thanks

We would like to thank Fırat University.

References

A. N. Ozalp, Z. Albayrak, and A. Zengin, “Expansion of Wireless Networks using IEEE 802.3af Protocol in Protected Areas,” in 5th International Symposium on Innovative Technologies in Engineering and Science, 2017.
M. Wazid, A. K. Das, V. Chamola, and Y. Park, “Uniting cyber security and machine learning: Advantages, challenges and future research,” 2022. doi: 10.1016/j.icte.2022.04.007.
S. GÖNEN, H. İ. ULUS, and E. N. YILMAZ, “Bilişim Alanında İşlenen Suçlar Ve Kişisel Verilerin Korunması,” Bilişim Teknol. Derg., vol. 9, no. 3, Sep. 2016, doi: 10.17671/btd.90710.
E. AKBAL, Ş. DOĞAN, T. TUNCER, and N. S. ATALAY, “Adli Bilişim Alanında Ağ Analizi,” Bitlis Eren Üniversitesi Fen Bilim. Derg., vol. 8, no. 2, pp. 582–594, 2019, doi: 10.17798/bitlisfen.479303.
K. A. Dhanya, S. Vajipayajula, K. Srinivasan, A. Tibrewal, T. S. Kumar, and T. G. Kumar, “Detection of Network Attacks using Machine Learning and Deep Learning Models,” Procedia Comput. Sci., vol. 218, pp. 57–66, 2023, doi: 10.1016/j.procs.2022.12.401.
R. Ahmad, R. Wazirali, and T. Abu-Ain, “Machine Learning for Wireless Sensor Networks Security: An Overview of Challenges and Issues,” 2022. doi: 10.3390/s22134730.
A. Mughaid et al., “Improved dropping attacks detecting system in 5g networks using machine learning and deep learning approaches,” Multimed. Tools Appl., vol. 82, no. 9, pp. 13973–13995, Apr. 2023, doi: 10.1007/s11042-022-13914-9.
M. Waqas, S. Tu, Z. Halim, S. U. Rehman, G. Abbas, and Z. H. Abbas, “The role of artificial intelligence and machine learning in wireless networks security: principle, practice and challenges,” Artif. Intell. Rev., vol. 55, no. 7, pp. 5215–5261, Oct. 2022, doi: 10.1007/s10462-022-10143-2.
D. M. Gezgin and E. Buluş, “Kablosuz Erişim Noktalarına Yapılan DoS Saldırıları,” pp. 83–89, 2008.
A. N. Kadhim and S. B. Sadkhan, “Security Threats in Wireless Network Communication-Status, Challenges, and Future Trends,” in 2021 International Conference on Advanced Computer Applications (ACA), IEEE, Jul. 2021, pp. 176–181. doi: 10.1109/ACA52198.2021.9626810.
D. Cossa, “The Dangers of Deauthentication Attacks in an Increasingly Wireless World,” Iowa State Univ., vol. 537, 2014.
R. Cheema, D. Bansal, and S. Sofat, “Deauthentication/Disassociation Attack: Implementation and Security in Wireless Mesh Networks,” Int. J. Comput. Appl., vol. 23, no. 7, pp. 7–15, 2011, doi: 10.5120/2901-3801.
W. Liu, “Research on DoS attack and detection programming,” in 3rd International Symposium on Intelligent Information Technology Application, IITA 2009, 2009. doi: 10.1109/IITA.2009.165.
A. N. Ozalp, Z. Albayrak, M. Cakmak, and E. Ozdogan, “Layer-based examination of cyber-attacks in IoT,” in HORA 2022 - 4th International Congress on Human-Computer Interaction, Optimization and Robotic Applications, Proceedings, 2022. doi: 10.1109/HORA55278.2022.9800047.
D. Mertkan Gezgin and E. Buluş, “KABLOSUZ AĞLARIN GÜVENLİK AÇIKLARININ EĞİTİM AMAÇLI İNCELENMESİ İÇİN UYGULAMA TASARIMI,” Cilt, vol. 2, no. 1, pp. 127–135, 2012.
H. (Harshita) Harshita, “Detection and Prevention of ICMP Flood DDOS Attack,” Int. J. New Technol. Res., vol. 3, no. 3, p. 263333, 2017, [Online]. Available: https://www.neliti.com/publications/263333/
Z.-Y. Shen, M.-W. Su, Y.-Z. Cai, and M.-H. Tasi, “Mitigating SYN Flooding and UDP Flooding in P4-based SDN,” in 2021 22nd Asia-Pacific Network Operations and Management Symposium (APNOMS), IEEE, Sep. 2021, pp. 374–377. doi: 10.23919/APNOMS52696.2021.9562660.
M. Thankappan, H. Rifà-Pous, and C. Garrigues, “Multi-Channel Man-in-the-Middle attacks against protected Wi-Fi networks: A state of the art review,” Expert Syst. Appl., vol. 210, p. 118401, Dec. 2022, doi: 10.1016/j.eswa.2022.118401.
B. L. Aylak, O. Oral, and K. Yazici, “Using artificial intelligence and machine learning applications in logistics,” 2021. doi: 10.31202/ecjse.776314.
A. N. Özalp and Z. Albayrak, “Detecting Cyber Attacks with High-Frequency Features using Machine Learning Algorithms,” Acta Polytech. Hungarica, 2022, doi: 10.12700/APH.19.7.2022.7.12.
A. Robles-Velasco, P. Cortés, J. Muñuzuri, and L. Onieva, “Prediction of pipe failures in water supply networks using logistic regression and support vector classification,” Reliab. Eng. Syst. Saf., vol. 196, p. 106754, Apr. 2020, doi: 10.1016/j.ress.2019.106754.
V. J. Pandya, “Comparing Handwritten Character Recognition by AdaBoostClassifier and KNeighborsClassifier,” in 2016 8th International Conference on Computational Intelligence and Communication Networks (CICN), IEEE, Dec. 2016, pp. 271–274. doi: 10.1109/CICN.2016.59.
M. Grandini, E. Bagli, and G. Visani, “Metrics for Multi-Class Classification: an Overview,” pp. 1–17, 2020, [Online]. Available: http://arxiv.org/abs/2008.05756
A. H. Lashkari, G. D. Gil, M. S. I. Mamun, and A. A. Ghorbani, “Characterization of tor traffic using time based features,” in ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy, 2017, pp. 253–262. doi: 10.5220/0006105602530262.
S. Ganapathy, K. Kulothungan, S. Muthurajkumar, M. Vijayalakshmi, L. Yogesh, and A. Kannan, “Intelligent feature selection and classification techniques for intrusion detection in networks: A survey,” Eurasip J. Wirel. Commun. Netw., 2013, doi: 10.1186/1687-1499-2013-271.
C. Kolias, G. Kambourakis, and M. Maragoudakis, “Swarm intelligence in intrusion detection: A survey,” Comput. Secur., 2011, doi: 10.1016/j.cose.2011.08.009.
O. Atilla and E. Hamit, “A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015,” PeerJ, 2016.
R. Bala, “A REVIEW ON KDD CUP99 AND NSL-KDD DATASET,” Int. J. Adv. Res. Comput. Sci., 2019, doi: 10.26483/ijarcs.v10i2.6395.
M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, 2009. doi: 10.1109/CISDA.2009.5356528.
Y. Hamid, V. R. Balasaraswathi, L. Journaux, and M. Sugumaran, “Benchmark Datasets for Network Intrusion Detection: A Review,” Int. J. Netw. Secur., 2018.
N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in 2015 Military Communications and Information Systems Conference, MilCIS 2015 - Proceedings, 2015. doi: 10.1109/MilCIS.2015.7348942.
N. Moustafa and J. Slay, “The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set,” Inf. Secur. J., 2016, doi: 10.1080/19393555.2015.1125974.

Year 2024, Volume: 7 Issue: 2, 203 - 216, 31.08.2024

İmran Kaçan , Batuhan Gül , Fatih Ertam

https://doi.org/10.35377/saucis...1462721

Abstract

Project Number

Our study is supported by Fırat University Scientific Research Projects Coordination Unit with project number TEKF.23.12.

References

A. N. Ozalp, Z. Albayrak, and A. Zengin, “Expansion of Wireless Networks using IEEE 802.3af Protocol in Protected Areas,” in 5th International Symposium on Innovative Technologies in Engineering and Science, 2017.
M. Wazid, A. K. Das, V. Chamola, and Y. Park, “Uniting cyber security and machine learning: Advantages, challenges and future research,” 2022. doi: 10.1016/j.icte.2022.04.007.
S. GÖNEN, H. İ. ULUS, and E. N. YILMAZ, “Bilişim Alanında İşlenen Suçlar Ve Kişisel Verilerin Korunması,” Bilişim Teknol. Derg., vol. 9, no. 3, Sep. 2016, doi: 10.17671/btd.90710.
E. AKBAL, Ş. DOĞAN, T. TUNCER, and N. S. ATALAY, “Adli Bilişim Alanında Ağ Analizi,” Bitlis Eren Üniversitesi Fen Bilim. Derg., vol. 8, no. 2, pp. 582–594, 2019, doi: 10.17798/bitlisfen.479303.
K. A. Dhanya, S. Vajipayajula, K. Srinivasan, A. Tibrewal, T. S. Kumar, and T. G. Kumar, “Detection of Network Attacks using Machine Learning and Deep Learning Models,” Procedia Comput. Sci., vol. 218, pp. 57–66, 2023, doi: 10.1016/j.procs.2022.12.401.
R. Ahmad, R. Wazirali, and T. Abu-Ain, “Machine Learning for Wireless Sensor Networks Security: An Overview of Challenges and Issues,” 2022. doi: 10.3390/s22134730.
A. Mughaid et al., “Improved dropping attacks detecting system in 5g networks using machine learning and deep learning approaches,” Multimed. Tools Appl., vol. 82, no. 9, pp. 13973–13995, Apr. 2023, doi: 10.1007/s11042-022-13914-9.
M. Waqas, S. Tu, Z. Halim, S. U. Rehman, G. Abbas, and Z. H. Abbas, “The role of artificial intelligence and machine learning in wireless networks security: principle, practice and challenges,” Artif. Intell. Rev., vol. 55, no. 7, pp. 5215–5261, Oct. 2022, doi: 10.1007/s10462-022-10143-2.
D. M. Gezgin and E. Buluş, “Kablosuz Erişim Noktalarına Yapılan DoS Saldırıları,” pp. 83–89, 2008.
A. N. Kadhim and S. B. Sadkhan, “Security Threats in Wireless Network Communication-Status, Challenges, and Future Trends,” in 2021 International Conference on Advanced Computer Applications (ACA), IEEE, Jul. 2021, pp. 176–181. doi: 10.1109/ACA52198.2021.9626810.
D. Cossa, “The Dangers of Deauthentication Attacks in an Increasingly Wireless World,” Iowa State Univ., vol. 537, 2014.
R. Cheema, D. Bansal, and S. Sofat, “Deauthentication/Disassociation Attack: Implementation and Security in Wireless Mesh Networks,” Int. J. Comput. Appl., vol. 23, no. 7, pp. 7–15, 2011, doi: 10.5120/2901-3801.
W. Liu, “Research on DoS attack and detection programming,” in 3rd International Symposium on Intelligent Information Technology Application, IITA 2009, 2009. doi: 10.1109/IITA.2009.165.
A. N. Ozalp, Z. Albayrak, M. Cakmak, and E. Ozdogan, “Layer-based examination of cyber-attacks in IoT,” in HORA 2022 - 4th International Congress on Human-Computer Interaction, Optimization and Robotic Applications, Proceedings, 2022. doi: 10.1109/HORA55278.2022.9800047.
D. Mertkan Gezgin and E. Buluş, “KABLOSUZ AĞLARIN GÜVENLİK AÇIKLARININ EĞİTİM AMAÇLI İNCELENMESİ İÇİN UYGULAMA TASARIMI,” Cilt, vol. 2, no. 1, pp. 127–135, 2012.
H. (Harshita) Harshita, “Detection and Prevention of ICMP Flood DDOS Attack,” Int. J. New Technol. Res., vol. 3, no. 3, p. 263333, 2017, [Online]. Available: https://www.neliti.com/publications/263333/
Z.-Y. Shen, M.-W. Su, Y.-Z. Cai, and M.-H. Tasi, “Mitigating SYN Flooding and UDP Flooding in P4-based SDN,” in 2021 22nd Asia-Pacific Network Operations and Management Symposium (APNOMS), IEEE, Sep. 2021, pp. 374–377. doi: 10.23919/APNOMS52696.2021.9562660.
M. Thankappan, H. Rifà-Pous, and C. Garrigues, “Multi-Channel Man-in-the-Middle attacks against protected Wi-Fi networks: A state of the art review,” Expert Syst. Appl., vol. 210, p. 118401, Dec. 2022, doi: 10.1016/j.eswa.2022.118401.
B. L. Aylak, O. Oral, and K. Yazici, “Using artificial intelligence and machine learning applications in logistics,” 2021. doi: 10.31202/ecjse.776314.
A. N. Özalp and Z. Albayrak, “Detecting Cyber Attacks with High-Frequency Features using Machine Learning Algorithms,” Acta Polytech. Hungarica, 2022, doi: 10.12700/APH.19.7.2022.7.12.
A. Robles-Velasco, P. Cortés, J. Muñuzuri, and L. Onieva, “Prediction of pipe failures in water supply networks using logistic regression and support vector classification,” Reliab. Eng. Syst. Saf., vol. 196, p. 106754, Apr. 2020, doi: 10.1016/j.ress.2019.106754.
V. J. Pandya, “Comparing Handwritten Character Recognition by AdaBoostClassifier and KNeighborsClassifier,” in 2016 8th International Conference on Computational Intelligence and Communication Networks (CICN), IEEE, Dec. 2016, pp. 271–274. doi: 10.1109/CICN.2016.59.
M. Grandini, E. Bagli, and G. Visani, “Metrics for Multi-Class Classification: an Overview,” pp. 1–17, 2020, [Online]. Available: http://arxiv.org/abs/2008.05756
A. H. Lashkari, G. D. Gil, M. S. I. Mamun, and A. A. Ghorbani, “Characterization of tor traffic using time based features,” in ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy, 2017, pp. 253–262. doi: 10.5220/0006105602530262.
S. Ganapathy, K. Kulothungan, S. Muthurajkumar, M. Vijayalakshmi, L. Yogesh, and A. Kannan, “Intelligent feature selection and classification techniques for intrusion detection in networks: A survey,” Eurasip J. Wirel. Commun. Netw., 2013, doi: 10.1186/1687-1499-2013-271.
C. Kolias, G. Kambourakis, and M. Maragoudakis, “Swarm intelligence in intrusion detection: A survey,” Comput. Secur., 2011, doi: 10.1016/j.cose.2011.08.009.
O. Atilla and E. Hamit, “A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015,” PeerJ, 2016.
R. Bala, “A REVIEW ON KDD CUP99 AND NSL-KDD DATASET,” Int. J. Adv. Res. Comput. Sci., 2019, doi: 10.26483/ijarcs.v10i2.6395.
M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, 2009. doi: 10.1109/CISDA.2009.5356528.
Y. Hamid, V. R. Balasaraswathi, L. Journaux, and M. Sugumaran, “Benchmark Datasets for Network Intrusion Detection: A Review,” Int. J. Netw. Secur., 2018.
N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in 2015 Military Communications and Information Systems Conference, MilCIS 2015 - Proceedings, 2015. doi: 10.1109/MilCIS.2015.7348942.
N. Moustafa and J. Slay, “The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set,” Inf. Secur. J., 2016, doi: 10.1080/19393555.2015.1125974.

There are 32 citations in total.

Details

Primary Language	English
Subjects	Software Engineering (Other)
Journal Section	Articles
Authors	İmran Kaçan 0000-0003-3912-0248 Batuhan Gül 0009-0007-1772-5373 Fatih Ertam 0000-0002-9736-8068
Project Number	Our study is supported by Fırat University Scientific Research Projects Coordination Unit with project number TEKF.23.12.
Early Pub Date	August 23, 2024
Publication Date	August 31, 2024
Submission Date	April 1, 2024
Acceptance Date	June 4, 2024
Published in Issue	Year 2024Volume: 7 Issue: 2

Cite

IEEE	İ. Kaçan, B. Gül, and F. Ertam, “Network Forensics Analysis of Cyber Attacks Carried Out Over Wireless Networks Using Machine Learning Methods”, SAUCIS, vol. 7, no. 2, pp. 203–216, 2024, doi: 10.35377/saucis...1462721.

Article Files

Full Text

29070 The papers in this journal are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License