Forensic Data Analytics for Anomaly Detection in Evolving Networks

TL;DR

This paper proposes a forensic data analytics framework for detecting anomalies in evolving networks like 5G and virtualization, addressing security challenges with a novel multi-perspective approach.

Contribution

It introduces a new digital forensic analytics framework combining feature engineering, unsupervised anomaly detection, and result correction for evolving network security.

Findings

Effective anomaly detection demonstrated on real-world data

Improved detection accuracy over traditional methods

Framework supports diverse evolving network scenarios

Abstract

In the prevailing convergence of traditional infrastructure-based deployment (i.e., Telco and industry operational networks) towards evolving deployments enabled by 5G and virtualization, there is a keen interest in elaborating effective security controls to protect these deployments in-depth. By considering key enabling technologies like 5G and virtualization, evolving networks are democratized, facilitating the establishment of point presences integrating different business models ranging from media, dynamic web content, gaming, and a plethora of IoT use cases. Despite the increasing services provided by evolving networks, many cybercrimes and attacks have been launched in evolving networks to perform malicious activities. Due to the limitations of traditional security artifacts (e.g., firewalls and intrusion detection systems), the research on digital forensic data analytics has attracted more attention. Digital forensic analytics enables people to derive detailed information and comprehensive conclusions from different perspectives of cybercrimes to assist in convicting criminals and preventing future crimes. This chapter presents a digital analytics framework for network anomaly detection, including multi-perspective feature engineering, unsupervised anomaly detection, and comprehensive result correction procedures. Experiments on real-world evolving network data show the effectiveness of the proposed forensic data analytics solution.