Validation of individual identification through decision tree packet header profiling
The drastic rise in the cybercrime rate associated with the surge of users' dependence on the Internet has elevated the concern of digital forensic examiners toward the footprints of perpetrators left in a virtual environment. However, suspect identification is a big challenge in network fo...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Penerbit Universiti Kebangsaan Malaysia
2022
|
| Online Access: | http://journalarticle.ukm.my/20851/ http://journalarticle.ukm.my/20851/1/8.pdf |
| _version_ | 1848815212432457728 |
|---|---|
| author | Khairul Osman, T'ng, Qi Feng Hairee Izzam Mohd Noor, Noor Hazfalinda Hamzah, Gina Francesca Gabriel, |
| author_facet | Khairul Osman, T'ng, Qi Feng Hairee Izzam Mohd Noor, Noor Hazfalinda Hamzah, Gina Francesca Gabriel, |
| author_sort | Khairul Osman, |
| building | UKM Institutional Repository |
| collection | Online Access |
| description | The drastic rise in the cybercrime rate associated with the surge of users' dependence on the Internet has
elevated the concern of digital forensic examiners toward the footprints of perpetrators left in a virtual
environment. However, suspect identification is a big challenge in network forensics due to the anonymous
nature of data transmission across the network. This study utilises the decision tree classification approach to
characterise users from their behavioural web navigation pattern using the meta-data of captured network
packets (Destination IP, Protocol, Port Source, and Port Destination). A total of 95,795,379 network packet
headers from 96 subjects were successfully collected. Their meta-data header packets were statistically profiled
to generate digital fingerprints that try to link their action on the network to their identity accurately. Hence,
CHAID decision tree modelling using Destination IP, Unique protocols, and a combination of the two, including
Port source and Port destination, resulted in an accuracy of 4.07%, 6.34%, and 6.36%, respectively. However,
the modelling could not create a reliable decision tree for the Port source and destination. The validation study
on all the combined variables had a similar accuracy of 6.36%, indicating model created had reproducibility
capability. Despite the outcome, the proposed method is not yet sufficiently strong for suspect identification.
Further enhancement to improve its accuracy is required. |
| first_indexed | 2025-11-15T00:46:23Z |
| format | Article |
| id | oai:generic.eprints.org:20851 |
| institution | Universiti Kebangasaan Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T00:46:23Z |
| publishDate | 2022 |
| publisher | Penerbit Universiti Kebangsaan Malaysia |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | oai:generic.eprints.org:208512022-12-21T08:29:44Z http://journalarticle.ukm.my/20851/ Validation of individual identification through decision tree packet header profiling Khairul Osman, T'ng, Qi Feng Hairee Izzam Mohd Noor, Noor Hazfalinda Hamzah, Gina Francesca Gabriel, The drastic rise in the cybercrime rate associated with the surge of users' dependence on the Internet has elevated the concern of digital forensic examiners toward the footprints of perpetrators left in a virtual environment. However, suspect identification is a big challenge in network forensics due to the anonymous nature of data transmission across the network. This study utilises the decision tree classification approach to characterise users from their behavioural web navigation pattern using the meta-data of captured network packets (Destination IP, Protocol, Port Source, and Port Destination). A total of 95,795,379 network packet headers from 96 subjects were successfully collected. Their meta-data header packets were statistically profiled to generate digital fingerprints that try to link their action on the network to their identity accurately. Hence, CHAID decision tree modelling using Destination IP, Unique protocols, and a combination of the two, including Port source and Port destination, resulted in an accuracy of 4.07%, 6.34%, and 6.36%, respectively. However, the modelling could not create a reliable decision tree for the Port source and destination. The validation study on all the combined variables had a similar accuracy of 6.36%, indicating model created had reproducibility capability. Despite the outcome, the proposed method is not yet sufficiently strong for suspect identification. Further enhancement to improve its accuracy is required. Penerbit Universiti Kebangsaan Malaysia 2022-12 Article PeerReviewed application/pdf en http://journalarticle.ukm.my/20851/1/8.pdf Khairul Osman, and T'ng, Qi Feng and Hairee Izzam Mohd Noor, and Noor Hazfalinda Hamzah, and Gina Francesca Gabriel, (2022) Validation of individual identification through decision tree packet header profiling. Asia-Pacific Journal of Information Technology and Multimedia, 11 (2). pp. 97-111. ISSN 2289-2192 https://www.ukm.my/apjitm/articles-issues |
| spellingShingle | Khairul Osman, T'ng, Qi Feng Hairee Izzam Mohd Noor, Noor Hazfalinda Hamzah, Gina Francesca Gabriel, Validation of individual identification through decision tree packet header profiling |
| title | Validation of individual identification through decision tree packet header profiling |
| title_full | Validation of individual identification through decision tree packet header profiling |
| title_fullStr | Validation of individual identification through decision tree packet header profiling |
| title_full_unstemmed | Validation of individual identification through decision tree packet header profiling |
| title_short | Validation of individual identification through decision tree packet header profiling |
| title_sort | validation of individual identification through decision tree packet header profiling |
| url | http://journalarticle.ukm.my/20851/ http://journalarticle.ukm.my/20851/ http://journalarticle.ukm.my/20851/1/8.pdf |