A study on Automated Cyberattacks Detection and Visualization

With technology evolving, cyberattacks are increasing massively. Therefore, companies and organizations are obliged to implement high-security measures to prevent, mitigate, and respond to such attacks. If a company faces a cyberattack, it should pass through the post-incident forensics analysis phase. This phase is a significant part of the investigation process since it provides valuable information on how the attack was conducted and where the vulnerability was, allowing the security team to patch it and learn how to defend against future attacks. For that reason, this paper aims to discuss a passive analysis of network traffic and review the current network traffic analysis tools and techniques, summarize, analyze, and compare them based on pre-defined criteria to find the literature gap to address it. The gap found after the analysis is that no tool suffices for all purposes of network traffic passive analysis, in terms of both detecting the presence of attacks as well as to visualizing the traffic flow.