Top

Wireless Personal Communications

Published in:

25-08-2021

Crypto-Preserving Investigation Framework for Deep Learning Based Malware Attack Detection for Network Forensics

Authors: Sonam Bhardwaj, Mayank Dave

Published in: Wireless Personal Communications | Issue 3/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The exponential growth in technology observed over the past decade has introduced newer ways to exploit network and cyber-physical system-related vulnerabilities. Cybercriminals perform malware attacks by exploiting vulnerabilities to cause damage to a network or computer without any victim's knowledge. The attack sites from where the vulnerabilities are exploited provide concrete evidence that can be collected and used against the attackers (cybercriminals) under cyber law jurisdiction. The collected digital pieces of evidence can easily be damaged by various attack techniques. The investigation of the crime is purely dependent on the raw evidence that must be protected for correct investigation. In this article, a crypto-evidence preservation and evidence collecting model is proposed. The model is used to detect malware attacks, preserve evidence, and categorize the network traffic data into suitable classes as either malicious or non-malicious. It successfully preserves collected digital pieces of evidence and keeps them in protected mode (tamper-safe). The meta-data for malware traffic is extracted using deep learning and machine learning classifiers. The various studies have shown that deep learning supports the analysis of large data sets efficiently whereas ensemble classifiers increase the probability for better prediction analysis of malware and real-time data flowing through a network. This article proposes an ensemble classifier-based deep learning model to investigate malicious packets, preserve evidence using the SHA-256 crypto-system, learn on collected data and keep the pieces of evidence alive (availability of data) when needed in the forensic investigation on the network for a malware attack. The proposed model outperforms various existing models with an average score of 97% (F1-score) for malware detection and evidence preservation. Further, the scope of the work is discussed which can be explored by the researchers for their study.

previous article Identifying Malicious Secondary User Presence Within Primary User Range in Cognitive Radio Networks

next article Fuzzy Based Relay Node Selection for Achieving Efficient Energy and Reliability in Wireless Body Area Network

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Kumar, G., Saha, R., Lal, C., & Conti, M. (2021). Internet-of-Forensic (IoF): A blockchain based digital forensics framework for IoT applications. Future Generation Computer Systems, 120, 13–25. https://doi.org/10.1016/j.future.2021.02.016CrossRef

Wu, Y., Dai, H. N., Wang, H., & Choo, K. K. R. (2021). Blockchain-based privacy preservation for 5g-enabled drone communications. IEEE Network, 35(1), 50–56.CrossRef

Pilli, E. S., Joshi, R. C., & Niyogi, R. (2010). A generic framework for network forensics. International Journal of Computer Applications, 1(11), 1–6. https://doi.org/10.5120/251-408CrossRef

Buric, J. & Delija, D. (2015). Challenges in network forensics. In 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1382–1386, IEEE. doi: https://doi.org/10.1109/MIPRO.2015.7160490

Cath, C. (2018). Governing artificial intelligence: Ethical, legal and technical opportunities and challenges. Philosophical Transactions R Society, 376, 1–8. https://doi.org/10.1098/rsta.2018.0080CrossRef

Naseer, H., Maynard, S. B., & Desouza, K. C. (2021). Demystifying analytical information processing capability The case of cybersecurity incident response. Decision Support Systems, 143, 113476.CrossRef

Chu, H. C., Deng, D. J., & Park, J. H. (2011). Live data mining concerning social networking forensics based on a facebook session through aggregation of social data. IEEE Journal on Selected Areas in Communications, 29(7), 1368–1376. https://doi.org/10.1109/JSAC.2011.110804CrossRef

Han, Q., Molinaro, C., Picariello, A., Sperli, G., Subrahmanian, V. S., & Xiong, Y. (2021). Generating fake documents using probabilistic logic graphs. IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2021.3058994CrossRef

Liu, C., Singhal, A. & Wijesekera, D. (2012). Mapping evidence graphs to attack graphs. In 2012 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 121–126, IEEE. doi: https://doi.org/10.1109/WIFS.2012.6412636

10.

Abraham, S., & Nair, S. (2015). A predictive framework for cyber security analytics using attack graphs. International Journal of Computer Networks & Communications, 7(1), 1–17. https://doi.org/10.5121/ijcnc.2015.7101CrossRef

11.

Achleitner, S., La Porta, T., Jaeger, T. & McDaniel, P. (2017). Adversarial network forensics in software defined networking. In Proceedings of the Symposium on SDN Research, pp. 8–20. doi: https://doi.org/10.1145/3050220.3050223

12.

Ariffin, K. A. Z., & Ahmad, F. H. (2021). Indicators for maturity and readiness for digital forensic investigation in era of industrial revolution 4 0. Computers & Security, 105, 102237.CrossRef

13.

Phong, L. T., Aono, Y., Hayashi, T., Wang, L., & Moriai, S. (2018). Privacy preserving deep learning via additively homomorphic encryption. IEEE Transactions Information Forensics and Security, 13(5), 1333–1345. https://doi.org/10.1109/TIFS.2017.2787987CrossRef

14.

Xiang, J. & Chen, L. (2018). A Method of Docker Container Forensics Based on API. In ICCSP 2018 Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, pp. 159–164. doi: https://doi.org/10.1145/3199478.3199506

15.

Bhardwaj, S., Swami, R., & Dave, M. (2021). Forensic Investigation-Based Framework for SDN Using Blockchain. In Revolutionary Applications of Blockchain-Enabled Privacy and Access Control, pp. 74–98, IGI Global. https://doi.org/10.4018/978-1-7998-7589-5.ch004

16.

Hemdan, E. E. D., & Manjaiah, D. H. (2021). An efficient digital forensic model for cybercrimes investigation in cloud computing. Multimedia Tools and Applications. https://doi.org/10.1007/s11042-020-10358-xCrossRef

17.

Rao, P. R. M., Krishna, S. M., & Kumar, A. S. (2018). Privacy preservation techniques in big data analytics: A survey. Journal of Big Data, 5(1), 33. https://doi.org/10.1186/s40537-018-0141-8CrossRef

18.

Shen, W., Qin, J., Yu, J., Hao, R., & Hu, J. (2018). Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage. IEEE Transactions on Information Forensics and Security, 14(2), 331–346. https://doi.org/10.1109/TIFS.2018.2850312CrossRef

19.

Wang, H., Yang, G., Chinprutthiwong, P., Xu, L., Zhang, Y. & Gu, G. (2018). Towards fine-grained network security forensics and diagnosis in the SDN era. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 3–16. doi: https://doi.org/10.1145/3243734.3243749

20.

Brockelsby, W. & Dutta, R. (2019). A Graded Approach to Network Forensics with Privacy Concerns. In 2019 International Conference on Computing, Networking and Communications (ICNC), pp. 292–297, IEEE. doi: https://doi.org/10.1109/ICCNC.2019.8685654

21.

Baddar, S. A. H., Merlo, A., & Migliardi, M. (2019). Behavioral-anomaly detection in forensics analysis. IEEE Security & Privacy, 17(1), 55–62. https://doi.org/10.1109/MSEC.2019.2894917CrossRef

22.

Karie, N. M., Kebande, V. R., & Venter, H. S. (2019). Diverging deep learning cognitive computing techniques into cyber forensics. Forensic Science International: Synergy, 1, 61–67. https://doi.org/10.1016/j.fsisyn.2019.03.006CrossRef

23.

Ulloa, C., Ballesteros, D. M., & Renza, D. (2021). Video forensics: Identifying colorized images using deep learning. Applied Sciences, 11(2), 476. https://doi.org/10.3390/app11020476CrossRef

24.

Domingues, P. & Rosário, A.F. (2019). Deep Learning-based Facial Detection and Recognition in Still Images for Digital Forensics. In ARES’19: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–10. https://doi.org/10.1145/3339252.3340107

25.

Alladi, T., Chamola, V., Sikdar, B., & Choo, K. K. R. (2020). Consumer IoT: Security vulnerability case studies and solutions. IEEE Consumer Electronics Magazine, 9(2), 17–25. https://doi.org/10.1109/MCE.2019.2953740CrossRef

26.

Jan, M. Z., & Verma, B. (2019). A novel diversity measure and classifier selection approach for generating ensemble classifiers. IEEE Access, 7, 156360–156373. https://doi.org/10.1109/ACCESS.2019.2949059CrossRef

27.

Jozdani, S. E., Johnson, B. A., & Chen, D. (2019). Comparing deep neural networks, ensemble classifiers, and support vector machine algorithms for object-based urban land use/land cover classification. Remote Sensing, 11(14), 1713. https://doi.org/10.3390/rs11141713CrossRef

28.

Michail, H. E., Athanasiou, G. S., Theodoridis, G., Gregoriades, A., & Goutis, C. E. (2016). Design and implementation of totally-self checking SHA-1 and SHA-256 hash functions’ architectures. Microprocessors and Microsystems, 45(227–240), 1345. https://doi.org/10.1016/j.micpro.2016.05.011CrossRef

29.

Hossain, M. R., & Hoque, M. M. (2019). Automatic Bengali Document Categorization Based on Deep Convolution Nets. In N. Shetty, L. Patnaik, H. Nagaraj, P. Hamsavath & N. Nalini (Eds.), Emerging Research in Computing, Information, Communication and Applications. Advances in Intelligent Systems and Computing. Singapore: Springer. https://doi.org/10.1007/978-981-13-5953-8_43

30.

Islam, M., Mahmood, A. N., Watters, P., & Alazab, M. (2019). Forensic Detection of Child Exploitation Material Using Deep Learning. In M. Alazab, & M. Tang (Eds.), Deep Learning Applications for Cyber Security. Advanced Sciences and Technologies for Security Applications. Cham: Springer. https://doi.org/10.1007/978-3-030-13057-2_10

31.

Agrawal, P., & Trivedi, B. (2021). Machine Learning Classifiers for Android Malware Detection. In N. Sharma, A. Chakrabarti, V. Balas, & J. Martinovic (Eds.), Data Management, Analytics and Innovation. Advances in Intelligent Systems and Computing (Vol. 1174). Singapore: Springer. https://doi.org/10.1007/978-981-15-5616-6_22

32.

Kaggle Dataset. [Online] https://www.kaggle.com/c/microsoft-malware-prediction (Accessed 7 April 2021).

33.

CTU-13 Dataset. [Online] https://www.stratosphereips.org/datasets-ctu13 (Accessed 7 April 2021).

34.

CTU2019 Malware Dataset. [Online] https://www.stratosphereips.org/datasets-malware (Accessed 7 April 2021).

Title: Crypto-Preserving Investigation Framework for Deep Learning Based Malware Attack Detection for Network Forensics
Authors: Sonam Bhardwaj
Mayank Dave
Publication date: 25-08-2021
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2022
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-021-09026-6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2022

Correction to: Partially Overlapped Channel Assignment for Cloud-Based Heterogeneous Cellular and Mesh Networks

Improved K-Means Based Q Learning Algorithm for Optimal Clustering and Node Balancing in WSN

Trilateral Spearman Katz Centrality Based Least Angle Regression for Influential Node Tracing in Social Network

Communication Solutions for Vehicle Ad-hoc Network in Smart Cities Environment: A Comprehensive Survey

Duty Cycle Optimization Using Game Theory Two Master Nodes Cooperative Protocol in WBAN

Resource Utilization for IoT Oriented Framework Using Zero Hour Policy