Automated generation of fuzzy rules from large-scale network traffic analysis in digital forensics investigations

This paper describes ongoing study and first results on the application of Neuro-Fuzzy (NF) to support large-scale forensics investigation in the domain of Network Forensics. In particular we focus on patterns of benign and malicious activity that can be find in network traffic dumps. We propose several improvements to the NF algorithm that results in proper handling of large-scale datasets, significantly reduces number of rules and yields a decreased complexity of the classification model. This includes better automated extraction of rules parameters as well as bootstrap aggregation for generalization. Experimental results show that such optimization gives a smaller number of rules, while the accuracy increases in comparison to existing approaches. In particular, it showed an accuracy of 98% when using only 39 rules. In our research we contribute to forensics science by increasing awareness and bringing more comprehensive fuzzy rules. During the last decade many cases related to network forensics resulted in data that can be related to Big Data due to its complexity. Application of Soft Computing methods, such that Neuro-Fuzzy may bring not only sufficient classification accuracy of normal and attack traffic, yet also facilitate in understanding traffic properties and developing a decision-support mechanism.