Applications of Machine Learning in Cyber Forensics

Applications of Machine Learning in Cyber Forensics

Kishore Rajendiran, Kumar Kannan, Yongbin Yu
Copyright: © 2021 |Pages: 18
DOI: 10.4018/978-1-7998-4900-1.ch002
(Individual Chapters)
No Current Special Offers


Nowadays, individuals and organizations experience an increase in cyber-attacks. Combating such cybercrimes has become the greatest struggle for individual persons and organizations. Furthermore, the battle has heightened as cybercriminals have gone a step ahead, employing the complicated cyber-attack technique. These techniques are minute and unobtrusive in nature and habitually disguised as authentic requests and commands. The cyber-secure professionals and digital forensic investigators enforce by collecting large and complex pools of data to reveal the potential digital evidence (PDE) to combat these attacks and helps investigators to arrive at particular conclusions and/or decisions. In cyber forensics, the challenging issue is hard for the investigators to make conclusions as the big data often comes from multiple sources and in different file formats. The objective is to explore the possible applications of machine learning (ML) in cyber forensics and to discuss the various research issues, the solutions of which will serve out to provide better predictions for cyber forensics.
Chapter Preview


Cybercrime has drastically increased since the 1970s with the widespread use of technology that led to various criminal activities. This, in turn, emphasized the need for efficient investigations over the past few years. Cyber forensics, also termed as digital or computer forensics, turns around the scientific and authorized extraction of evidence in the digital form. This field examines, analyzes, and reports the digital evidence given cyber/digital criminal activity (Baggili, I., & Behzadan, V. 2019). In human life, digitization has become dominant, occupying most of the day-to-day activities, either in professional or personal life. As a result, people are in and around a device that leads to digitization in most of their routine work. For example, a smartphone can provide access to various sensitive data (e.g., transaction, email, and messages) that can provide user-related information and their social connectivity (Rohmeyer, P. 2010). Mainly, digitization evolves at the cost of financial frauds; Intellectual Property Rights (IPR) infringements, malware, and terrorist communication are among the few to show the originality of cybercrime and its behavior.

Cyber forensics needs a structured efficient mode of inquiry about forensic pieces of evidence found in the crime space (Atlam, H., Walters, R., & Wills, G. 2018). By 2025, the expected number of Internet of things (IoT) devices may reach 21.5 billion worldwide, increasing the amount of data to be handled. Thereby, increasing the possibilities of cybercrime in a huge scale and providing preventive measures pose a great challenge (Statista Research Department. 2016). The development of Internet and data communication technologies can provide space for intruders to inject security attacks, cybercrimes, and malware (Atlam, H. F., et. al. 2017). Malicious attacks in the networks are common, and hackers can intrude into the network, which can be identified with an effective cyber security mechanism with artificial intelligence (AI). So there is a need for data handling with huge IoT data and predictive intelligence with the help of AI (Atlam, H. F., & Wills, G. B. 2020).

In order to handle the analysis of large amounts of complex data for forensic purposes, investigators frequently handle the increased demand with less time and low-priced measures. This is the reason why AI is being used in the field of cyber forensics; besides, even many traditional investigators might argue that it is not an incomparable solution, as they agree that AI can help improve the battle against cybercrime (Karie, N. M., et. al. 2019).

This chapter proposes a suitable framework in which machine learning (ML) concepts and techniques are integrated with digital forensic activities (e.g., evidence collection, analysis, and correlation). In this framework, forensic export decides upon the prediction results of ML to move towards report generation.


In this section, the authors provide a background study of cyber forensics in terms of state of the art, cybercrimes with forensics, and applications of cyber forensics. Finally, they discuss the critical challenges of digital/cyber forensics.

Key Terms in this Chapter

Digital Evidence: Information or data stored on devices or transmitted during the crime and acquired when electronic devices are detained and protected for investigation.

Digital Resource: It is made up of media such as images, text, video, and sound.

Keras API: It allows to reduce cognitive load with best practices such as deep learning.

Prediction: It is an information forecasting; it is quantitative when there is a specific condition.

Correlation: Two variables are related when, if one variable increases, the other increases, too.

Blockchain: List of blocks distributed and linked via cryptography such as a digital ledger.

Internet of Things (IoT): The Internet of things (IoT) allows to transfer data between sensors and network to reach storage.

Complete Chapter List

Search this Book: