Deep Learning Based Attribution of Threat Activity in Network Forensic Analytics
  • Author(s): Olarinde O. O.; Adewale O. S.; Agbonifo O. C.; Taiwo O.
  • Paper ID: 1718901
  • Page: 1762-1767
  • Published Date: 16-06-2026
  • Published In: Iconic Research And Engineering Journals
  • Publisher: IRE Journals
  • e-ISSN: 2456-8880
  • Volume/Issue: Volume 9 Issue 12 June-2026
Abstract

Attributing malicious network activity to specific threat actors remains a critical challenge in digital forensics due to encrypted traffic and the high volume of network data. Conventional rule-based and signature-based methods lack generalization and cannot capture the spatial and temporal dependencies that characterize advanced persistent threats. This paper presents a deep learning framework that combines Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs) for automated attribution of threat activity within network forensic analytics. The framework employs a CNN to extract spatial features from packet-level and flow-level traffic representations, identifying structural patterns, protocol anomalies, and payload signatures indicative of malicious behavior. Temporal dynamics and attack progression are modeled using RNNs with Gated Recurrent Units, enabling the system to learn sequential patterns in tactics, techniques, and procedures across network sessions. Evaluation was performed on the CICIoT2023 dataset, which was adopted because of its scale, diversity, and relevance to modern IoT security environments. The hybrid CNN-RNN model, called the Intelligent Network Forensic Investigative Model (INFIM), achieved 98.3% accuracy, 98.4% F1-Score, 98.7% precision, and 98.5% recall for multiclass attribution. Ablation analysis confirms that both spatial and temporal components are essential, particularly under imbalanced and low-signal conditions. The system also demonstrates robustness against common evasion techniques, such as traffic padding and minor protocol obfuscation. This work shows that integrating CNN and RNN architectures improves the scalability and accuracy of network forensic attribution, reducing analyst burden and supporting timely incident response.

Keywords

Convolutional Neural Network, Deep Learning, Network Forensic Analytics, Recurrent Neural Network.

Citations

IRE Journals:
Olarinde O. O., Adewale O. S., Agbonifo O. C., Taiwo O. "Deep Learning Based Attribution of Threat Activity in Network Forensic Analytics" Iconic Research And Engineering Journals Volume 9 Issue 12 2026 Page 1762-1767 https://doi.org/10.64388/IREV9I12-1718901

IEEE:
Olarinde O. O., Adewale O. S., Agbonifo O. C., Taiwo O. "Deep Learning Based Attribution of Threat Activity in Network Forensic Analytics" Iconic Research And Engineering Journals, 9(12) https://doi.org/10.64388/IREV9I12-1718901