SOM-Based Techniques towards Hierarchical Visualisation of Network Forensics Traffic Data


Abstract

Current research is improving the quality and efficiency of digital investigation methods due to the continuous proliferation of digital crimes. This includes the use of software tools that can help with digital investigations. A novel method for the analysis and visualisation of network forensics traffic data, based on growing hierarchical self-organising maps (GHSOM), is presented. Self-organising maps have been shown to be successful for the analysis of high-dimensional input data in data mining applications as well as for data visualisation. Moreover, the hierarchical architecture of the GHSOM is more flexible than a single SOM in adapting to input data, capturing the inherent hierarchical relationships among them. To evaluate the performance of this method in the field of network forensics, traffic data has been clustered and visualised in a hierarchical fashion to enhance the ability of digital forensics to find evidence of attacks or anomalous behaviour in the network. Experimental results show the utility of this approach.