Abstract
The exponential growth in technology observed over the past decade has introduced newer ways to exploit network and cyber-physical system-related vulnerabilities. Cybercriminals perform malware attacks by exploiting vulnerabilities to cause damage to a network or computer without the victim's knowledge. The attack sites from which the vulnerabilities are exploited provide concrete evidence that can be collected and used against the attackers (cybercriminals) under cyber law jurisdiction. The collected digital evidence can easily be damaged by various attack techniques, and the investigation of the crime depends entirely on raw evidence that must be protected if the investigation is to be correct. In this article, a crypto-evidence preservation and evidence collecting model is proposed. The model is used to detect malware attacks, preserve evidence, and categorize network traffic data into suitable classes as either malicious or non-malicious. It successfully preserves collected digital evidence and keeps it in protected mode (tamper-safe). The meta-data for malware traffic is extracted using deep learning and machine learning classifiers. Various studies have shown that deep learning supports the efficient analysis of large data sets, whereas ensemble classifiers increase the probability of better prediction analysis of malware and of real-time data flowing through a network. This article proposes an ensemble classifier-based deep learning model to investigate malicious packets, preserve evidence using the SHA-256 hash function, learn on collected data, and keep the evidence alive (availability of data) when it is needed in the forensic investigation of a malware attack on the network. The proposed model outperforms various existing models with an average score of 97% (F1-score) for malware detection and evidence preservation. Further, the scope of the work is discussed, which can be explored by researchers for their study.
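The abstract states that collected evidence is preserved with SHA-256 and kept tamper-safe for later forensic use. The following is an added example, not code from the article or its authors, of how that preservation step can be realised: each captured artifact is hashed at collection time, the digest is written to an append-only ledger whose entries are chained by their own SHA-256 digests, and any later read re-hashes the artifact and compares it against the ledger. The ledger layout, the chaining of entries, the genesis value and the sample packets are all assumptions introduced here (the sample bytes are constructed, not real traffic); the article only specifies SHA-256 as the primitive.

```python
"""Tamper-evident preservation of collected network evidence with SHA-256.

Added illustration (not the article's implementation): hash each artifact on
collection, record the digest in a chained ledger, and verify both the
artifact and the ledger before the evidence is used in an investigation.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Previous-hash value for the first ledger entry (assumed convention).
GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    """Hex-encoded SHA-256 digest of an evidence artifact."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class LedgerEntry:
    evidence_id: str      # identifier assigned at collection (assumed scheme)
    label: str            # classifier verdict at collection time
    sha256: str           # digest of the artifact bytes
    prev_hash: str        # entry_hash of the previous ledger entry
    entry_hash: str = ""  # digest over this entry's own fields

    def compute_entry_hash(self) -> str:
        # Canonical JSON so the digest does not depend on field order.
        payload = json.dumps(
            {"evidence_id": self.evidence_id, "label": self.label,
             "sha256": self.sha256, "prev_hash": self.prev_hash},
            sort_keys=True).encode()
        return sha256_hex(payload)


class EvidenceLedger:
    def __init__(self) -> None:
        self.entries: List[LedgerEntry] = []

    def preserve(self, evidence_id: str, artifact: bytes, label: str) -> LedgerEntry:
        """Hash the artifact and append a chained record for it."""
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        entry = LedgerEntry(evidence_id, label, sha256_hex(artifact), prev)
        entry.entry_hash = entry.compute_entry_hash()
        self.entries.append(entry)
        return entry

    def verify_artifact(self, evidence_id: str, artifact: bytes) -> bool:
        """True only if the artifact still hashes to its recorded digest."""
        for e in self.entries:
            if e.evidence_id == evidence_id:
                return hmac.compare_digest(e.sha256, sha256_hex(artifact))
        return False  # unknown evidence id: nothing to compare against

    def verify_chain(self) -> bool:
        """True only if every entry is unmodified and links to its predecessor."""
        prev = GENESIS
        for e in self.entries:
            if e.prev_hash != prev or e.compute_entry_hash() != e.entry_hash:
                return False
            prev = e.entry_hash
        return True


# Constructed sample captures with constructed verdicts (not real traffic).
SAMPLE_PACKETS: Dict[str, Tuple[bytes, str]] = {
    "pkt-0001": (b"\x45\x00\x00\x3c" + b"GET /update.bin HTTP/1.1\r\nHost: 192.0.2.10\r\n",
                 "malicious"),
    "pkt-0002": (b"\x45\x00\x00\x28" + b"GET /index.html HTTP/1.1\r\nHost: 198.51.100.7\r\n",
                 "non-malicious"),
}


def demo() -> Dict[str, bool]:
    """Preserve the samples, then check intact, altered and edited-ledger cases."""
    ledger = EvidenceLedger()
    for eid, (data, label) in SAMPLE_PACKETS.items():
        ledger.preserve(eid, data, label)
    results = {
        "intact_ok": ledger.verify_artifact("pkt-0001", SAMPLE_PACKETS["pkt-0001"][0]),
        "chain_ok": ledger.verify_chain(),
    }
    # A single flipped bit in the stored artifact is detected.
    tampered = bytearray(SAMPLE_PACKETS["pkt-0001"][0])
    tampered[4] ^= 0x01
    results["tampered_ok"] = ledger.verify_artifact("pkt-0001", bytes(tampered))
    # Rewriting a recorded verdict breaks that entry's digest and the chain.
    ledger.entries[0].label = "non-malicious"
    results["chain_ok_after_edit"] = ledger.verify_chain()
    return results


if __name__ == "__main__":
    print(demo())
```

The point of chaining the entries is that the ledger itself becomes evidence: altering a verdict or digest already recorded, or deleting an entry from the middle, is detected by `verify_chain()` without any reference to the original artifacts. Comparison uses `hmac.compare_digest` so that digest checks are constant-time.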
Funding
None.
Ethics declarations
Conflicts of interest
The authors declare that there is no conflict of interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Bhardwaj, S., Dave, M. Crypto-Preserving Investigation Framework for Deep Learning Based Malware Attack Detection for Network Forensics. Wireless Pers Commun 122, 2701–2722 (2022). https://doi.org/10.1007/s11277-021-09026-6
DOI: https://doi.org/10.1007/s11277-021-09026-6