Crypto-Preserving Investigation Framework for Deep Learning Based Malware Attack Detection for Network Forensics

Wireless Personal Communications

Abstract

The rapid growth of technology over the past decade has opened new ways to exploit vulnerabilities in networks and cyber-physical systems. Cybercriminals carry out malware attacks by exploiting such vulnerabilities to damage a network or computer without the victim's knowledge. The sites from which the vulnerabilities are exploited yield concrete evidence that can be collected and used against the attackers under cyber law. Collected digital evidence, however, is easily damaged by various attack techniques, and the investigation of a crime depends entirely on raw evidence that must be protected if the investigation is to be sound. This article proposes a model for evidence collection and cryptographic evidence preservation. The model detects malware attacks, preserves evidence, and classifies network traffic as either malicious or non-malicious. It keeps the collected digital evidence in a protected, tamper-safe state. Meta-data for malware traffic is extracted using deep learning and machine learning classifiers. Prior studies have shown that deep learning analyses large data sets efficiently, while ensemble classifiers improve the prediction of malware in real-time network traffic. The proposed ensemble classifier-based deep learning model investigates malicious packets, preserves evidence using the SHA-256 cryptographic hash function, learns from the collected data, and keeps the evidence available when it is needed in the forensic investigation of a malware attack on the network. The proposed model outperforms various existing models with an average F1-score of 97% for malware detection and evidence preservation. Finally, the scope for future work that researchers may explore is discussed.
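As an added illustration (not the paper's own code) of the tamper-safe, SHA-256-based evidence preservation the abstract describes: each captured flow record, together with the classifier's malicious/non-malicious verdict, is chained to the previous record's digest, so any later change to a preserved record is detected when the chain is re-verified. The record fields, the sample flows and the function names are constructed for this example; the paper's actual record format is not given on this page.

```python
import copy
import hashlib
import json

# Constructed sample flow records (not taken from the paper or its datasets). The
# "label" field is the classifier's verdict that is stored alongside the raw evidence.
SAMPLE_FLOWS = [
    {"ts": 1617753600, "src": "10.0.0.5", "dst": "203.0.113.9", "dport": 443, "bytes": 5120, "label": "malicious"},
    {"ts": 1617753601, "src": "10.0.0.7", "dst": "198.51.100.2", "dport": 53, "bytes": 96, "label": "non-malicious"},
    {"ts": 1617753602, "src": "10.0.0.5", "dst": "203.0.113.9", "dport": 443, "bytes": 2048, "label": "malicious"},
]

GENESIS = "0" * 64  # chain anchor used when there is no previous record

def canonical(record):
    """Serialise a record deterministically so identical content always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def chain_hash(prev_hash, record):
    """SHA-256 over the previous link's digest followed by the canonical record."""
    h = hashlib.sha256()
    h.update(prev_hash.encode("ascii"))
    h.update(canonical(record))
    return h.hexdigest()

def preserve(flows):
    """Build the evidence ledger: each entry stores the record, the previous digest and its own."""
    ledger, prev = [], GENESIS
    for rec in flows:
        digest = chain_hash(prev, rec)
        ledger.append({"record": rec, "prev": prev, "hash": digest})
        prev = digest
    return ledger

def verify(ledger):
    """Recompute the whole chain; return (intact, index of the first bad entry or -1)."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or chain_hash(prev, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, -1

def tamper_detected(ledger, index, field, value):
    """Alter one field of a preserved record on a copy and return the entry verify() rejects."""
    forged = copy.deepcopy(ledger)
    forged[index]["record"][field] = value
    return verify(forged)[1]
```

Because every digest covers the previous one, flipping a stored verdict or altering a byte count is caught at exactly the modified entry, and the untouched original ledger still verifies.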



Funding

None.

Author information

Correspondence to Sonam Bhardwaj.

Ethics declarations

Conflicts of interest

The authors declare that there is no conflict of interest.


About this article


Cite this article

Bhardwaj, S., Dave, M. Crypto-Preserving Investigation Framework for Deep Learning Based Malware Attack Detection for Network Forensics. Wireless Pers Commun 122, 2701–2722 (2022). https://doi.org/10.1007/s11277-021-09026-6


  • DOI: https://doi.org/10.1007/s11277-021-09026-6
