Issue | ITM Web Conf. Volume 70, 2025. 2024 2nd International Conference on Data Science, Advanced Algorithm and Intelligent Computing (DAI 2024)
---|---
Article Number | 01021
Number of page(s) | 6
Section | Traffic Prediction and Analysis
DOI | https://doi.org/10.1051/itmconf/20257001021
Published online | 23 January 2025

Identifying the Origin of Cyber Attacks Using Machine Learning and Network Traffic Analysis
Teda International School No. 72, 300457 3rd Avenue Teda Tianjin, China
Corresponding author: andrew2902@tedais.net
In this paper, PCAP stands for Packet Capture, NIDS for Network Intrusion Detection Systems, AI for Artificial Intelligence, ML for machine learning, CV for Computer Vision, and NLP for Natural Language Processing. While the development of the internet promotes global progress, it also brings various cyber-attacks, such as phishing, junk emails, and keylogging. To ensure a clean internet environment, it is essential to identify the origin of cyber-attacks for effective defense and mitigation. This paper introduces an effective method of internet protection: machine learning. A common technique in the modern world, machine learning offers significant insights into locating the IP address and data origin. The focus of this paper is on how supervised machine learning is used to determine the data origin. The Random Forest Classifier is the key model used to analyze network traffic data and predict the origin of cyber-attacks. By converting IP addresses, packet lengths, and protocol types from PCAP files into numerical features, this study applies machine learning techniques to classify attack behaviors. Additionally, an experiment testing the model’s effectiveness is designed to prove its efficiency and ensure the model’s precision.
© The Authors, published by EDP Sciences, 2025
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
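
The feature-conversion step named in the abstract (IP addresses, packet lengths and protocol types from a PCAP file turned into numbers) can be sketched as follows. This is an added example, not the authors' code: the 32-bit integer encoding of addresses, the function names and the two sample packets are assumptions, and the resulting rows are the kind of input a Random Forest classifier would be trained on.

```python
import ipaddress
import struct

def build_sample_pcap(packets):
    """Constructed input: classic little-endian PCAP of Ethernet/IPv4 frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1
    for ts, src, dst, proto, payload_len in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def extract_features(pcap_bytes):
    """Return [src_ip_int, dst_ip_int, packet_length, protocol] per IPv4 packet."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated PCAP global header")
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond PCAP file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    rows, offset = [], 24
    while offset + 16 <= len(pcap_bytes):
        incl_len, orig_len = struct.unpack_from(endian + "II", pcap_bytes, offset + 8)
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Skip truncated records and anything that is not IPv4 over Ethernet.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        rows.append([
            int.from_bytes(frame[26:30], "big"),  # source IP as 32-bit integer
            int.from_bytes(frame[30:34], "big"),  # destination IP
            orig_len,                             # packet length on the wire
            frame[23],                            # IP protocol (6 = TCP, 17 = UDP)
        ])
    return rows

# Constructed sample traffic using documentation address ranges.
SAMPLE = build_sample_pcap([
    (1, "192.0.2.10", "198.51.100.5", 6, 40),
    (2, "203.0.113.7", "198.51.100.5", 17, 12),
])
FEATURES = extract_features(SAMPLE)
```

Encoding an address as a single integer imposes an ordering that tree splits will act on, so per-octet or prefix-based features are a common alternative when the model should generalise across networks.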