Network forensics in the era of artificial intelligence
Explainable Artificial Intelligence for Cyber Security
School of Science / ECU Security Research Institute
Cyber Security Research Centre Limited Australian Government Cooperative Research Centres
Network forensics investigates a network attack by tracing the source of the attack and attributing the crime to a person, host or network. It can anticipate prospective attacks by establishing attack patterns based on available evidence and intrusion data traces. This chapter introduces network forensics and describes some common attacks targeting networks, as well as existing network forensic tools. It also describes the current development of network forensics techniques, such as IP Traceback Techniques, Intrusion Detection Systems, Attack Graph-based Techniques, Honeypots and Privacy-preserving Data Analytics. Based on the above, some specific research gaps in current network forensics research in the era of artificial intelligence are identified.