Digital Forensics for Detecting and Investigating Cyber Malicious Activities

Authors

  • Marathi Muni Babu Department of CSE (IoT and Cyber Security including Block Chain Technology), Annamacharya Institute of Technology & Sciences (Autonomous), Tirupati, A.P, India.
  • M Sai Harshini Department of CSE (IoT and Cyber Security including Block Chain Technology), Annamacharya Institute of Technology & Sciences (Autonomous), Tirupati, A.P, India.
  • P V Koteswara Rao Department of CSE (IoT and Cyber Security including Block Chain Technology), Annamacharya Institute of Technology & Sciences (Autonomous), Tirupati, A.P, India.
  • R Gowtham Department of CSE (IoT and Cyber Security including Block Chain Technology), Annamacharya Institute of Technology & Sciences (Autonomous), Tirupati, A.P, India.
  • G Jamuna Department of CSE (IoT and Cyber Security including Block Chain Technology), Annamacharya Institute of Technology & Sciences (Autonomous), Tirupati, A.P, India.

DOI:

https://doi.org/10.5281/zenodo.18672461

Keywords:

Cybersecurity, Insider Threats, Machine Learning, Digital Forensics, Anomaly Detection, CNN

Abstract

Cybersecurity is an urgent concern in an age of rapidly expanding digital infrastructure, and insider threats are a particularly hard case: because the attacker already holds legitimate access to sensitive data, traditional signature-based detection is far less effective against them. In this paper, several machine learning (ML) models, namely Logistic Regression, Random Forest, Support Vector Machine, Decision Trees and XGBoost, are evaluated for detecting insider threats. XGBoost performed best among the compared ML models, with an accuracy of 94.2%. The proposed Convolutional Neural Network (CNN) outperformed all of them, achieving 95.0% accuracy together with the highest precision and F1-score, which indicates that the deep learning model captures complex patterns in cyber activity better than the classical ML techniques compared here. Although the proposed CNN performed well, several challenges remain open: class imbalance in the training data, anomaly detection in real time, and explaining the anomalies that are flagged. The paper argues that integrating advanced machine learning and deep learning models is crucial for building scalable, real-time and accurate cybersecurity solutions.
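The abstract reports accuracy alongside precision and F1-score and names class imbalance as an open problem; insider-threat datasets are almost always dominated by benign activity, so accuracy by itself says little about whether the rare malicious sessions are caught. The following added example (not code or data from the paper) makes that concrete with constructed per-user session records, a simple per-user z-score anomaly scorer standing in for a learned model, and the four metrics computed by hand. The user names, hours, file counts, labels and the 2.0 threshold are all assumptions chosen for illustration.

```python
"""Why accuracy alone misleads for insider-threat detection.

Added example for this page, not code or data from the paper: a constructed
set of per-user session records (a few insider sessions among many benign
ones), a per-user z-score anomaly scorer, and accuracy, precision, recall
and F1 computed by hand so the effect of class imbalance is visible.
All user names, counts and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Session:
    user: str
    hour: int         # hour of day the session started
    files_read: int   # sensitive files read during the session
    insider: bool     # constructed ground-truth label


def build_sample():
    """Constructed data: 60 routine daytime sessions, one benign bulk export,
    three bulk after-hours reads by insiders and one low-and-slow read."""
    sessions = []
    for user in ("alice", "bob", "carol"):
        for i in range(20):
            sessions.append(Session(user, 9 + i % 8, 3 + i % 4, False))
    sessions.append(Session("alice", 10, 40, False))   # legitimate quarter-end export
    sessions.append(Session("bob", 2, 60, True))
    sessions.append(Session("bob", 1, 45, True))
    sessions.append(Session("carol", 23, 80, True))
    sessions.append(Session("carol", 23, 7, True))     # low-and-slow exfiltration
    return sessions


def zscore_flags(sessions, threshold=2.0):
    """Flag a session when its files_read lies `threshold` population standard
    deviations above that user's own mean (a per-user behavioural baseline)."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s.user].append(s.files_read)
    stats = {u: (mean(v), pstdev(v)) for u, v in by_user.items()}
    flags = []
    for s in sessions:
        mu, sd = stats[s.user]
        z = (s.files_read - mu) / sd if sd > 0 else 0.0   # constant history -> no signal
        flags.append(z >= threshold)
    return flags


def never_flag(sessions):
    """Majority-class baseline: predict 'benign' for every session."""
    return [False] * len(sessions)


def metrics(sessions, flags):
    """Accuracy, precision, recall and F1 from a list of boolean predictions."""
    tp = sum(1 for s, f in zip(sessions, flags) if f and s.insider)
    fp = sum(1 for s, f in zip(sessions, flags) if f and not s.insider)
    fn = sum(1 for s, f in zip(sessions, flags) if not f and s.insider)
    tn = len(sessions) - tp - fp - fn
    accuracy = (tp + tn) / len(sessions)
    precision = tp / (tp + fp) if tp + fp else 0.0   # no alerts -> precision 0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": accuracy, "precision": precision, "recall": recall, "f1": f1}


if __name__ == "__main__":
    data = build_sample()
    for name, detector in (("never-flag", never_flag), ("z-score", zscore_flags)):
        m = metrics(data, detector(data))
        print(f"{name:10s} " + "  ".join(f"{k}={v:.3f}" for k, v in m.items()))
```

On this constructed sample the do-nothing baseline already scores 93.8% accuracy with an F1 of zero, while the z-score detector reaches 96.9% accuracy and an F1 of 0.75 (it catches the three bulk reads, misses the low-and-slow one, and raises one false positive on the legitimate export). The accuracy gap is small; the F1 gap is the one that tells an analyst whether insiders are being caught, which is why the precision and F1 figures in the abstract carry more weight than the headline accuracy, and why the missed low-volume session is the kind of case the class-imbalance and real-time detection challenges refer to.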

Published

2026-02-17

How to Cite

Marathi Muni Babu, M Sai Harshini, P V Koteswara Rao, R Gowtham, & G Jamuna. (2026). Digital Forensics for Detecting and Investigating Cyber Malicious Activities. International Journal of Human Computations and Intelligence, 5(3), 744–755. https://doi.org/10.5281/zenodo.18672461