An Effective Payload Attribution Scheme for Cybercriminal Detection Using Compressed Bitmap Index Tables and Traffic Downsampling
S. Mohammad Hosseini, Amirhossein Jahangir

TL;DR
This paper introduces a new payload attribution system that uses compressed bitmap index tables and traffic downsampling to improve detection accuracy and reduce false positives in cybercrime investigations.
Contribution
The paper presents a novel approach combining compressed bitmap indexes and traffic downsampling to enhance payload attribution accuracy over existing methods.
Findings
Significantly reduces false positive rates in cybercriminal detection.
Efficiently handles large network traffic data volumes.
Improves detection speed and accuracy.
Abstract
Payload attribution systems (PAS) are one of the most important tools of network forensics for detecting an offender after the occurrence of a cybercrime. A PAS stores the network traffic history in order to detect the source and destination pair of a certain data stream in case a malicious activity occurs on the network. The huge volume of information that is daily transferred in the network means that the data stored by a PAS must be as compact and concise as possible. Moreover, the investigation of this large volume of data for a malicious data stream must be handled within a reasonable time. For this purpose, several techniques based on storing a digest of traffic using Bloom filters have been proposed in the literature. The false positive rate of existing techniques for detecting cybercriminals is unacceptably high, i.e., many source and destination pairs are falsely determined as…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
