Attacks Recognition Using Recurrent Neural Network Araceli Barradas-Acosta, Eleazar Aguirre-Anaya, Mariko Nakano-Miytake Hector Perez-Meana SEPI-ESIME Culhuacan Instituto Politécnico Nacional Av. Santa Ana No.1000 Col. San Francisco Culhuacan Mexico, D.F shelyilecara@hotmail.com, eaa@calmecac.esimecu.ipn.mx, hmperezm@ipn.mx Abstract: - The influence of computer technology on the human activities has greatly increased during the last three decades, due to major developments in the VLSI technology. However this widespread use of computer equipments has generated computer a considerable increase of computer crimes. To reduce this problem it is necessary to carried out a network analysis using the computer network traffic. However the increase of network traffic is huge, doing the analysis of traffic data complicated. Thus it is required to develop an effective and automatic algorithm to carry out the traffic network analysis, facilitating I such way the expert forensic work. This paper proposes a network analysis algorithm using recurrent neural network that can analyze computer network attacks facilitating the evidence extraction. Proposed algorithm can reduce time and cost of forensic analysis. Key-Words: - Network Forensic, Recurrent Neural Network, Forensic Analysis 1 Introduction The computer science has an important impact in fields such as medicine, economy, communications, educational activities, entertainment, etc., which determine the form in which most people conduct their activities. Thus the importance of computer technology in the development process of a country is huge. There are several programs within a computer operating with open network connections that related with business transactions, bank operation, communication, industrial processes, research, security, etc. The correct operation of all of these transactions is highly dependent on a proper development of computer technology, because, although some these programs are developed for valid or legal purposes, other programs are developed by people with criminal motives. As a result of the last mentioned programs have emerged informatics attacks whose goal is to achieve illegal access, compromising the computers security to obtain information regarding the access to the network, identify the access sources, theft of personal identities, disable the online business, generate network traffic, delete or extract business or personal information, etc. However, because not all attempts to access the network can be considered as an attack, is a complicated job to easily discriminate between attacks and not attack, because it has not easily detected symptoms. As a response to the growing informatics crimes arise the computer forensic science whose goal is to discover, retrieve information about an attack, implementing a review of all attack with several tools and algorithms that can adequately perform this task, generating in such way the evidence to submit it to a personal legal action or to reconstruct attacked actions. This paper proposes a network analysis method to extract attacks evidence. To this end an automatic and effective algorithm at the forensic analysis stage of the network is proposed, based on recurrent neural networks. Recurrent neural networks (RNN), which intend to emulate the behavior of the human brain, have the ability to learn and extract information from an input sequence to carry out a classification of attacks on the network. Thus with a RNN algorithm it is possible to extract evidence that the network has been compromised or attacked. 2 Network Attack It is necessary to take into account some concepts before performing a network information capture. 2.1 Attack Due to the great development of computer technology to generate informatics crimes, many people is trying to harm the computer system or network, where the goal is to attack the computer systems to obtain the desired results such as theft of personal identities, disable online business, generating traffic in a network unexpectedly, delete or extract confidential information, obtain identification of access source, generate viruses or worm without authorization. An attack is a series of steps from attacker to achieve an unauthorized result. An attack generally is composed of five parts which form part of a logical algorithm of an attacker. RECENT ADVANCES IN APPLIED MATHEMATICS AND COMPUTATIONAL AND INFORMATION SCIENCES - Volume II ISSN: 1790-5117 402 ISBN: 978-960-474-071-0