Network Attacks Classification for Network Forensics Investigation: Literature Reviews

Keywords: Network Attacks, Classification, Machine Learning, Investigation

Abstract

Computer networks play an important role in supporting work and other activities in the cyber world, and various kinds of crime often occur on them. Building a network architecture that is safe from attacks and protects the data transacted over it is very demanding. When an attack on a computer network has occurred, further investigation must be carried out to identify the attacker and the motive for the attack. An additional need is to evaluate the security of the network. This article reports a systematic literature review that aims to map the classification of attacks on computer networks and to map future research. From the exploration, 30 key studies were selected that reveal the mapping of attack classifications on computer networks. The results of the review show that attacks on computer networks vary widely. The review also produces a roadmap for future research, which is to classify attacks on computer networks using a machine learning approach. Machine learning helps with classifying attacks on computer networks and with the needs of investigating them. The SVM method was chosen in this case because previous research has widely used it for data-based classification.

Published: 2023-10-01

How to Cite: Maulana, M., Luthfi, A., & Wibowo, D. K. (2023). Network Attacks Classification for Network Forensics Investigation: Literature Reviews. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 7(5), 1132 - 1139. https://doi.org/10.29207/resti.v7i5.5153

Section: Information Technology Articles