What is it about?

This research paper presents a method for improving digital forensic investigations of web application attacks. The sheer volume and variety of data involved in such investigations (web server logs, network captures) make manual analysis slow and error-prone. The paper proposes a "hybrid feature selection" approach that uses machine learning to identify, within large datasets such as web server logs, the attributes (referred to as "features") that best separate attack traffic from normal traffic and therefore point investigators to the relevant evidence. The hybrid approach combines two existing families of feature selection methods: "filter" and "wrapper" methods. The filter method first ranks features with a statistical measure computed independently of any classifier and keeps only the most promising candidates; the wrapper method then evaluates combinations of these candidates by training a specific prediction model on each subset and keeps the subset that yields the most accurate results. Running the cheap filter first keeps the expensive wrapper search tractable. The study tested this approach on three different web attack datasets, and simulated real-world conditions by incorporating different types of logs (network and web traffic).
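The filter-then-wrapper pipeline described above, shown end to end on constructed web server log lines. This is an added example, not the paper's code, and it does not use the paper's datasets, feature set or models: the log lines are made up, the features are five simple indicators extracted from each request (two of them deliberately uninformative, so the pipeline has something to discard), the filter statistic is mutual information with the attack/benign label, and the wrapper model is a nearest-centroid classifier scored by leave-one-out accuracy under greedy forward selection. All of those choices are this example's assumptions.

```python
import math
import re

# Constructed Apache combined-log-format lines (not from the paper's datasets):
# six benign requests and six attacks (two SQLi, two XSS, two path traversal).
# Methods and hours are arranged so that "post" and "night" carry no signal.
LOG_LINES = [
    ('203.0.113.5 - - [10/Oct/2023:02:15:01 +0000] "POST /login.php?user=admin\'%20OR%201=1-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"', 1),
    ('203.0.113.5 - - [10/Oct/2023:03:15:01 +0000] "GET /product.php?id=1\'%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 211 "-" "Mozilla/5.0"', 1),
    ('198.51.100.7 - - [10/Oct/2023:14:15:01 +0000] "POST /search.php?q=<script>alert(1)</script> HTTP/1.1" 200 733 "-" "Mozilla/5.0"', 1),
    ('198.51.100.7 - - [10/Oct/2023:15:15:01 +0000] "GET /comment.php?text=%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 410 "-" "Mozilla/5.0"', 1),
    ('192.0.2.9 - - [10/Oct/2023:01:15:01 +0000] "POST /download.php?file=../../../../etc/passwd HTTP/1.1" 404 153 "-" "curl/8.0"', 1),
    ('192.0.2.9 - - [10/Oct/2023:04:15:01 +0000] "GET /static/../../../etc/shadow HTTP/1.1" 403 199 "-" "curl/8.0"', 1),
    ('203.0.113.20 - - [10/Oct/2023:02:15:01 +0000] "POST /login.php?user=alice HTTP/1.1" 302 0 "-" "Mozilla/5.0"', 0),
    ('203.0.113.20 - - [10/Oct/2023:03:15:01 +0000] "GET /product.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"', 0),
    ('198.51.100.30 - - [10/Oct/2023:14:15:01 +0000] "POST /search.php?q=laptop HTTP/1.1" 200 8801 "-" "Mozilla/5.0"', 0),
    ('198.51.100.30 - - [10/Oct/2023:15:15:01 +0000] "GET /comment.php?text=great%20product HTTP/1.1" 200 640 "-" "Mozilla/5.0"', 0),
    ('192.0.2.40 - - [10/Oct/2023:01:15:01 +0000] "POST /download.php?file=report.pdf HTTP/1.1" 200 70211 "-" "Mozilla/5.0"', 0),
    ('192.0.2.40 - - [10/Oct/2023:04:15:01 +0000] "GET /static/logo.png HTTP/1.1" 200 2210 "-" "Mozilla/5.0"', 0),
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d{2}):\d{2}:\d{2} [^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Split one combined-log-format line into the fields the features use."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = m.groupdict()
    rec["hour"] = int(rec["hour"])
    rec["status"] = int(rec["status"])
    return rec


# Feature construction (hypothetical toy features, each a 0/1 indicator).
FEATURES = {
    "quote":     lambda r: int("'" in r["path"] or "%27" in r["path"].upper()),
    "angle":     lambda r: int("<" in r["path"] or "%3C" in r["path"].upper()),
    "traversal": lambda r: int(".." in r["path"]),
    "post":      lambda r: int(r["method"] == "POST"),  # uninformative on this sample
    "night":     lambda r: int(r["hour"] < 6),          # uninformative on this sample
}


def build_matrix(labelled_lines):
    """Return rows of {feature: value} plus the parallel list of labels."""
    X = [{f: fn(parse_line(line)) for f, fn in FEATURES.items()} for line, _ in labelled_lines]
    y = [label for _, label in labelled_lines]
    return X, y


def mutual_information(values, labels):
    """Filter statistic: MI (nats) between a binary feature column and binary labels."""
    n = len(values)
    mi = 0.0
    for x in (0, 1):
        px = values.count(x) / n
        for lab in (0, 1):
            py = labels.count(lab) / n
            pxy = sum(1 for v, l in zip(values, labels) if v == x and l == lab) / n
            if pxy > 0:
                mi += pxy * math.log(pxy / (px * py))
    return mi


def filter_stage(X, y, keep):
    """Rank every feature by MI and keep the top `keep` as wrapper candidates."""
    scores = {f: mutual_information([row[f] for row in X], y) for f in FEATURES}
    ranked = sorted(FEATURES, key=lambda f: -scores[f])  # stable: ties keep definition order
    return ranked[:keep], scores


def loo_accuracy(X, y, subset):
    """Wrapper model: nearest-centroid classifier on `subset`, leave-one-out accuracy."""
    correct = 0
    for i in range(len(X)):
        train = [(row, lab) for j, (row, lab) in enumerate(zip(X, y)) if j != i]
        centroids = {}
        for lab in (0, 1):
            rows = [row for row, l in train if l == lab]
            centroids[lab] = [sum(row[f] for row in rows) / len(rows) for f in subset]
        xi = [X[i][f] for f in subset]
        dist = {lab: sum((a - b) ** 2 for a, b in zip(xi, c)) for lab, c in centroids.items()}
        pred = 1 if dist[1] < dist[0] else 0  # ties go to benign
        correct += int(pred == y[i])
    return correct / len(X)


def forward_selection(X, y, candidates):
    """Wrapper stage: greedy forward selection over the filter's candidates."""
    selected, best = [], 0.0
    while True:
        step_best, step_feat = best, None
        for f in candidates:
            if f in selected:
                continue
            acc = loo_accuracy(X, y, selected + [f])
            if acc > step_best:  # strict: a tie keeps the earlier (higher-MI) feature
                step_best, step_feat = acc, f
        if step_feat is None:  # no remaining feature improves the model
            return selected, best
        selected.append(step_feat)
        best = step_best


def run_hybrid(labelled_lines=LOG_LINES, keep=4):
    """Filter to `keep` candidates, then let the wrapper pick the final subset."""
    X, y = build_matrix(labelled_lines)
    candidates, scores = filter_stage(X, y, keep)
    selected, acc = forward_selection(X, y, candidates)
    return {"scores": scores, "candidates": candidates, "selected": selected, "accuracy": acc}


if __name__ == "__main__":
    for key, value in run_hybrid().items():
        print(f"{key}: {value}")
```

On this sample the filter ranks `quote`, `angle` and `traversal` above the two noise features and, with `keep=4`, still lets one noise feature through; the wrapper then adds the three informative features one at a time (each alone only separates one attack class, so accuracy climbs from 8/12 to 10/12 to 12/12) and stops because the noise feature gives no further improvement. That division of labour, a cheap statistic to prune and a model-based search to confirm, is the point of the hybrid approach; on real logs the feature set would be far larger (for example character n-gram counts) and the wrapper model would be whatever classifier the investigation uses.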


Why is it important?

Digital forensic investigations are crucial for understanding the nature of cyberattacks, identifying the perpetrators, and gathering evidence for legal proceedings. However, traditional manual analysis of vast amounts of data is time-consuming and prone to errors. This research offers a significant advancement by automating and refining the evidence-gathering process, potentially leading to:

● Faster investigations: by automatically identifying the most relevant data points, investigators can reduce the time spent manually sifting through large datasets.

● Increased accuracy: the hybrid approach aims to improve the accuracy of web attack analysis, reducing false positives and false negatives and leading to more reliable conclusions.

● Enhanced efficiency: by focusing on the most crucial evidence, the hybrid approach streamlines the investigation process, allowing forensic analysts to work more efficiently.

Perspectives

The study acknowledges that the accuracy of the proposed approach depends directly on the quality and characteristics of the data used to train the machine learning models. To further improve this accuracy, we suggest:

● Exploring more sophisticated n-gram models, which analyze sequences of characters within the data. This could lead to the identification of more subtle patterns associated with web attacks.

● Incorporating expert-knowledge rules during the feature construction phase, that is, using the insights of experienced digital forensic analysts to guide the selection and interpretation of relevant features.

Dr. Enis Karaarslan
Mugla Sitki Kocman Universitesi

Read the Original

This page is a summary of: A hybrid feature-selection approach for finding the digital evidence of web application attacks, TURKISH JOURNAL OF ELECTRICAL ENGINEERING & COMPUTER SCIENCES, November 2019, The Scientific and Technological Research Council of Turkey (TUBITAK-ULAKBIM) - DIGITAL COMMONS JOURNALS,
DOI: 10.3906/elk-1812-18.