DETECTING THE ORIGIN OF CYBERATTACKS USING MACHINE LEARNING AND NETWORK TRAFFIC ANALYSIS

Authors

  • Alisher Otakhanov Fergana State University
  • Maruf Juraev Tashkent Institute of Technology, Management and Communication

Keywords:

Machine Learning, Network Traffic Analysis, Random Forest Classifier, Cyberattack Source Detection, Intrusion Detection System (IDS), PCAP Feature Extraction

Abstract

The rapid expansion of the Internet has accelerated global development but has also increased exposure to cyber threats such as phishing, spam, and keylogging. Identifying the sources of such attacks is essential for effective defense, mitigation, and forensic response. This study proposes a supervised machine learning approach to pinpoint the origin of malicious network activity using features extracted from PCAP (packet capture) files. We convert raw packet data (IP addresses, packet lengths, protocol types, and TCP flag counts) into numerical features and train a Random Forest classifier to label traffic by source (e.g., benign vs. malicious source groups or specific attacker categories). The method is validated with controlled experiments; evaluation metrics include accuracy, precision, recall, and F1-score. Results demonstrate that Random Forest provides robust and interpretable performance, making it a practical tool for intrusion source attribution and network security monitoring.
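The feature-extraction step the abstract describes, as an added illustration that is not the authors' code: per-source aggregation of constructed packet records (standing in for rows parsed from a PCAP) into numeric features, followed by an optional Random Forest fit that assumes scikit-learn is installed. The packet tuples, labels and feature layout are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed packet records standing in for rows parsed from a PCAP:
# (src_ip, dst_ip, protocol, length, tcp_flags). tcp_flags holds flag
# letters ("S" SYN, "A" ACK, "F" FIN, "R" RST) or "" for non-TCP packets.
PACKETS = [
    ("10.0.0.5", "192.168.1.10", "TCP", 60, "S"),
    ("10.0.0.5", "192.168.1.10", "TCP", 60, "S"),
    ("10.0.0.5", "192.168.1.11", "TCP", 60, "S"),
    ("10.0.0.5", "192.168.1.12", "TCP", 60, "S"),
    ("192.168.1.20", "192.168.1.10", "TCP", 1500, "A"),
    ("192.168.1.20", "192.168.1.10", "TCP", 1400, "A"),
    ("192.168.1.20", "192.168.1.10", "TCP", 52, "FA"),
    ("192.168.1.21", "8.8.8.8", "UDP", 78, ""),
]

PROTOCOLS = ("TCP", "UDP", "ICMP")
FLAGS = ("S", "A", "F", "R")
FEATURE_NAMES = ["src_ip_int", "pkt_count", "mean_len", "n_dst",
                 *[f"n_{p.lower()}" for p in PROTOCOLS],
                 *[f"n_flag_{f}" for f in FLAGS]]

def extract_features(packets):
    """Aggregate packets per source IP into one numeric feature row (column order = FEATURE_NAMES)."""
    by_src = defaultdict(list)
    for pkt in packets:
        by_src[pkt[0]].append(pkt)
    rows = {}
    for src, pkts in by_src.items():
        lengths = [p[3] for p in pkts]
        row = [int(ipaddress.ip_address(src)),   # source address as an integer
               len(pkts),                         # packets sent by this source
               sum(lengths) / len(pkts),          # mean packet length
               len({p[1] for p in pkts})]         # distinct destinations contacted
        row += [sum(1 for p in pkts if p[2] == proto) for proto in PROTOCOLS]
        row += [sum(1 for p in pkts if f in p[4]) for f in FLAGS]  # TCP flag counts
        rows[src] = row
    return rows

def train_random_forest(rows, labels):
    """Fit the Random Forest the abstract describes (assumes scikit-learn; hypothetical settings)."""
    from sklearn.ensemble import RandomForestClassifier
    return RandomForestClassifier(n_estimators=100, random_state=0).fit(rows, labels)

if __name__ == "__main__":
    feats = extract_features(PACKETS)
    for src, row in feats.items():
        print(src, dict(zip(FEATURE_NAMES, row)))
    try:  # constructed labels: 1 = flagged source, 0 = benign
        clf = train_random_forest(list(feats.values()), [int(s == "10.0.0.5") for s in feats])
        print(dict(zip(FEATURE_NAMES, clf.feature_importances_)))
    except ImportError:
        print("scikit-learn not installed; feature extraction only")
```

Real captures would need the tuples read from a PCAP (e.g., with a packet-parsing library) and far more than three labelled sources before the classifier's accuracy, precision, recall and F1-score mean anything.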

Published

2025-10-31