XDQEDCNN: Design of an efficient explainable model using Deep Q-Network and enhanced deep convolutional neural network for Distributed Denial-of-Service (DDoS) attack forensic analysis and investigation

As Distributed Denial-of-Service (DDoS) attacks become more frequent and sophisticated, this paper addresses the limitations of existing network forensic analysis and investigation methods. It introduces an integrated model that merges network forensic analysis and investigation to enhance network security. The model functions across three phases: Attack Pattern Discovery, Analysis utilizing Deep Q-Network (DQN) & Explainable AI (XAI) and Investigation employing Enhanced Deep Convolutional Neural Network (EDCNN). Through empirical evaluation, the proposed model demonstrates notable enhancements in identifying and investigating forensic events. For forensic event identification, it demonstrates an 8.9% improvement in precision, 4.% in accuracy, 6.8% in recall, 6.7% in Area Under the Curve (AUC) and 5.9% in specificity. It also improves precision by 8.0%, accuracy by 5.7%, recall by 6.3%, AUC by 6.5% and specificity by 5.7% while studying forensic events. These results demonstrate how well the model works to offer a practical and efficient solution for network forensic analysis and investigation. This study represents important advancements in the field by highlighting the potential of fusing deep learning architectures with machine learning approaches to develop and improve network security solutions.