In the prevailing convergence of traditional infrastructure-based deployments (i.e., Telco and industry operational networks) towards evolving deployments enabled by 5G and virtualization, there is keen interest in elaborating effective security controls to protect these deployments in depth. Key enabling technologies like 5G and virtualization democratize evolving networks, facilitating the establishment of points of presence that integrate different business models ranging from media, dynamic web content, and gaming to a plethora of IoT use cases. Despite the increasing services provided by evolving networks, many cybercrimes and attacks have been launched in these networks. Due to the limitations of traditional security artifacts (e.g., firewalls and intrusion detection systems), research on digital forensic data analytics has attracted more attention. Digital forensic analytics enables people to derive detailed information and comprehensive conclusions from different perspectives of cybercrimes to assist in convicting criminals and preventing future crimes. This chapter presents a digital analytics framework for network anomaly detection, including multi-perspective feature engineering, unsupervised anomaly detection, and comprehensive result correction procedures. Experiments on real-world evolving network data show the effectiveness of the proposed forensic data analytics solution.