Yinan Zhong,Mingyu Pan,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.3390/sym16040443

2024-01-01

Abstract:The past few years have witnessed a wider adoption of Internet of Things (IoT) devices. Since IoT devices are usually deployed in an open and uncertain environment, device authentication is of great importance. However, traditional device fingerprint (DF) extraction methods have several disadvantages. First, existing DF extraction methods need private information from devices to compute DFs, which puts the privacy of devices at stake. Second, the manually designing features-based methods suffer from poor performance. To tackle these limitations, we propose a Linear Residual Neural Network-based DF extraction method, Res-DFNN, which utilizes network packet data in the pcap file to generate DF. The key block is designed according to symmetry, and it is verified by simulation that our method achieves better performance in both non-private and privacy-preserving scenarios.

Maarten Banerveld,Nhien-An Le-Khac,Tahar Kechadi

DOI: https://doi.org/10.48550/arXiv.1609.00992

2016-09-05

Abstract:In today world we are confronted with increasing amounts of information every day coming from a large variety of sources. People and co-operations are producing data on a large scale, and since the rise of the internet, e-mail and social media the amount of produced data has grown exponentially. From a law enforcement perspective we have to deal with these huge amounts of data when a criminal investigation is launched against an individual or company. Relevant questions need to be answered like who committed the crime, who were involved, what happened and on what time, who were communicating and about what? Not only the amount of available data to investigate has increased enormously, but also the complexity of this data has increased. When these communication patterns need to be combined with for instance a seized financial administration or corporate document shares a complex investigation problem arises. Recently, criminal investigators face a huge challenge when evidence of a crime needs to be found in the Big Data environment where they have to deal with large and complex datasets especially in financial and fraud investigations. To tackle this problem, a financial and fraud investigation unit of a European country has developed a new tool named LES that uses Natural Language Processing (NLP) techniques to help criminal investigators handle large amounts of textual information in a more efficient and faster way. In this paper, we present briefly this tool and we focus on the evaluation its performance in terms of the requirements of forensic investigation: speed, smarter and easier for investigators. In order to evaluate this LES tool, we use different performance metrics. We also show experimental results of our evaluation with large and complex datasets from real-world application.

Information Retrieval,Computers and Society

Yu Weimin,Xue Ye,Knoops Rob,Yu Danyuan,Balmashnova Evgeniya,Kang Xiaodong,Falgari Pietro,Zheng Dongyun,Liu Pengfei,Chen Hui,Shi He

DOI: https://doi.org/10.1007/s00414-020-02392-z

2020-01-01

International Journal of Legal Medicine

Abstract:Forensic diatom test has been widely accepted as a way of providing supportive evidences in the diagnosis of drowning. The current workflow is primarily based on the observation of diatoms by forensic pathologists under a microscopy, and this process can be very time-consuming. In this paper, we demonstrate a deep learning-based approach for automatically searching diatoms in scanning electron microscopic images. Cross-validation studies were performed to evaluate the influence of magnification on performance. Moreover, various training strategies were tested to improve the performance of detection. The conclusion shows that our approach can satisfy the necessary requirements to be integrated as part of an automatic forensic diatom test.

Raymond Y. K. Lau,Yunqing Xia

DOI: https://doi.org/10.7763/ijfcc.2013.v2.187

2013-01-01

International Journal of Future Computer and Communication

Abstract:Recent research reveals that the number of cyber-attacks has been doubled in the past three years. This is a devastating growth of the number of cyber-attacks, and it reveals a serious business problem around the world. Existing intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and anti-malware systems mainly rely on low-level network traffic features or program code signatures to detect cyber-attacks. However, since hackers can constantly change their attack tactics by, it is extremely difficult for existing security solutions to detect cyber-attacks. There are increasing more evidences showing that cybercriminals tend to exchange cybercrime knowledge and transact via online social media. Accordingly, it presents unprecedented opportunities for security intelligence experts to tap into online social media to extract the vital security intelligence for cyber-attack forensics. The main contributions of this paper are the design, development, and evaluation of a Latent Dirichlet Allocation (LDA)-based latent text mining model for cyber-attack forensics. Our preliminary evaluation of the proposed latent text mining model based on a real-world data set crawled from Twitter and Blog sites shows that it significantly outperforms the probabilistic latent semantic indexing (pLSI) method in terms of extracting more relevant and richer concepts describing real-world cyber-attack incidents.

Youri van der Zee,Jan C. Scholtes,Marcel Westerhoud,Julien Rossi

DOI: https://doi.org/10.48550/arXiv.2103.09606

2021-03-17

Abstract:In modern litigation, fraud investigators often face an overwhelming number of documents that must be reviewed throughout a matter. In the majority of legal cases, fraud investigators do not know beforehand, exactly what they are looking for, nor where to find it. In addition, fraudsters may use deception to hide their behaviour and intentions by using code words. Effectively, this means fraud investigators are looking for a needle in the haystack without knowing what the needle looks like. As part of a larger research program, we use a framework to expedite the investigation process applying text-mining and machine learning techniques. We structure this framework using three well-known methods in fraud investigations: (i) the fraud triangle (ii) the golden ("W") investigation questions, and (iii) the analysis of competing hypotheses. With this framework, it is possible to automatically organize investigative data, so it is easier for investigators to find answers to typical investigative questions. In this research, we focus on one of the components of this framework: the identification of the usage of code words by fraudsters. Here for, a novel (annotated) synthetic data set is created containing such code words, hidden in normal email communication. Subsequently, a range of machine learning techniques are employed to detect such code words. We show that the state-of-the-art BERT model significantly outperforms other methods on this task. With this result, we demonstrate that deep neural language models can reliably (F1 score of 0.9) be applied in fraud investigations for the detection of code words.

Computation and Language,Artificial Intelligence

Humaira Arshad,Saima Abdullah,Moatsum Alawida,Abdulatif Alabdulatif,Oludare Isaac Abiodun,Omer Riaz

DOI: https://doi.org/10.3390/s22031115

2022-02-01

Abstract:Currently, law enforcement and legal consultants are heavily utilizing social media platforms to easily access data associated with the preparators of illegitimate events. However, accessing this publicly available information for legal use is technically challenging and legally intricate due to heterogeneous and unstructured data and privacy laws, thus generating massive workloads of cognitively demanding cases for investigators. Therefore, it is critical to develop solutions and tools that can assist investigators in their work and decision making. Automating digital forensics is not exclusively a technical problem; the technical issues are always coupled with privacy and legal matters. Here, we introduce a multi-layer automation approach that addresses the automation issues from collection to evidence analysis in online social network forensics. Finally, we propose a set of analysis operators based on domain correlations. These operators can be embedded in software tools to help the investigators draw realistic conclusions. These operators are implemented using Twitter ontology and tested through a case study. This study describes a proof-of-concept approach for forensic automation on online social networks.

Akila Wickramasekara,Frank Breitinger,Mark Scanlon

2024-06-11

Abstract:The growing number of cases that require digital forensic analysis raises concerns about the ability of law enforcement to conduct investigations promptly. Consequently, this paper delves into the potential and effectiveness of integrating Large Language Models (LLMs) into digital forensic investigation to address these challenges. A comprehensive literature review is carried out, encompassing existing digital forensic models, tools, LLMs, deep learning techniques, and the use of LLMs in investigations. The review identifies current challenges within existing digital forensic processes and explores both the obstacles and possibilities of incorporating LLMs. In conclusion, the study asserts that the adoption of LLMs in digital forensics, with appropriate constraints, has the potential to improve investigation efficiency, improve traceability, and alleviate technical and judicial barriers faced by law enforcement entities.

Cryptography and Security,Artificial Intelligence

Xiaoyu Du,Chris Hargreaves,John Sheppard,Felix Anda,Asanka Sayakkara,Nhien-An Le-Khac,Mark Scanlon

DOI: https://doi.org/10.48550/arXiv.2012.01987

2020-12-02

Cryptography and Security

Abstract:Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper summarises existing artificial intelligence based tools and approaches in digital forensics. Automated evidence processing leveraging artificial intelligence based techniques shows great promise in expediting the digital forensic analysis process while increasing case processing capacities. For each application of artificial intelligence highlighted, a number of current challenges and future potential impact is discussed.

Xuanyu Liu,Xiao Fu,Xiaojiang Du,Bin Luo,Mohsen Guizani

DOI: https://doi.org/10.1109/tnsm.2022.3224863

2023-01-01

IEEE Transactions on Network and Service Management

Abstract:Security and privacy concerns keep growing with the successful development of Internet of Things (IoT) and the booming deployment of smart homes. IoT devices are utilized cooperatively to enable the interactions between home surroundings and users’ daily lives, containing forensically-valuable information about what happens in smart homes, which can help introduce digital forensics into smart homes to alleviate the growing concerns. However, current IoT devices, apps, and platforms usually do not provide built-in capabilities for digital forensics. To overcome this limitation, we propose a non-intrusive solution (i.e., bringing no modification to IoT devices, apps, and platforms) of digital forensic service to provide Forensics-as-a-Service (FaaS) for smart homes. First, it leverages side-channel analysis on sniffed network traffic to monitor commands, actions, and states of IoT devices. Then, it introduces provenance graphs (i.e., causal graphs) for smart home modeling to provide a holistic and overall explanation of smart homes. Machine learning (ML) techniques are applied to overcome the deficiency of a non-intrusive solution as it suffers from challenges in data collection and smart home modeling. Finally, it conducts forensic analysis based on scalable, reusable policies that are designed for graph-based smart home modeling. We implement a prototype of our forensic service and evaluate it in a real-world smart home. The evaluation results show that our forensic service can effectively collect forensic data for smart home modeling and conduct forensic analysis to explain security risks in smart homes.

Yangyang Mei,Weihong Han,Shudong Li,Kaihan Lin,Zhihong Tian,Shumei Li

DOI: https://doi.org/10.1109/tits.2024.3360260

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The Internet now plays a pivotal role in the social and economic landspace, providing individuals and businesses with access to essential daily services and tasks. However, it has also become a breeding ground for conflicts. Advanced Persistent Threats (APTs) pose a formidable chanllenge when directed at organizations and governments, exposing the entire network to substantial security risks. Employing network fornesics for attributing cyber-attacks and acquiring timely, credible forensic results is a fundamental challenge in maintaining cyber security. This paper introduces a Deep Learning-based network forensics framework for digitally identifying and tracking network attacks, providing a comprehensive overview of the network forensics process. Specifically, we extract network traffic and employ encryption to ensure the integrity and security of data. Subsequently, we apply feature filtering techniques to retain essential traceability information, and Deep Learning model parameters are automatically optimized using hyperparameter optimization techniques. Lastly, we develop a Multi-Layer Perceptual Deep Neural Network (MLP DNN) model with perceptual capabilities for detecting anomalous events within the network. We evaluated the framework’s effectiveness using the UNSW-NB15 dataset. The experiments demonstrate that the proposed framework is applicable to APT attack forensics scenarios. In comparison to other AI methods, our framework excels in discovering and tracking network attack events with high performance.

engineering, electrical & electronic,transportation science & technology, civil

Yaqing Zhang,Xiao Fu,Bin Luo,Xiaojiang Du

DOI: https://doi.org/10.1109/icc51166.2024.10622399

2024-01-01

Abstract:Digital forensics is a security research field that has evolved with the advancement of digital technologies, such as computer and network technology. With the emergence of complex forensic environments, such as those found in the IoT and cloud computing, investigators are required to possess higher technical capabilities and knowledge. Completing digital forensics tasks more effectively has become a challenge. Therefore, this paper proposes a blockchain-based collaborative crowdsourcing platform for digital forensics. Through collaborating on the crowdsourcing platform, professional investigators can enhance the supervision of the digital forensics process, reduce the difficulty of digital forensics tasks, and improve their quality. In addition, we introduce blockchain technology to maintain the credibility of the investigation process. We have developed a smart contract and conducted experiments based on Ethereum. The experimental results show that our solution is feasible.

Biodoumoye George Bokolo,Qingzhong Liu

DOI: https://doi.org/10.3390/electronics13091671

IF: 2.9

2024-04-27

Electronics

Abstract:Social media platforms have completely revolutionized human communication and social interactions. Their positive impacts are simply undeniable. What has also become undeniable is the prevalence of harmful antisocial behaviors on these platforms. Cyberbullying, misinformation, hate speech, radicalization, and extremist propaganda have caused significant harms to society and its most vulnerable populations. Thus, the social media forensics field was born to enable investigators and law enforcement agents to better investigate and prosecute these cybercrimes. This paper surveys the latest research works in the field to explore how artificial intelligence (AI) techniques are being utilized in social media forensics investigations. We examine how natural language processing can be used to identify extremist ideologies, detect online bullying, and analyze deceptive profiles. Additionally, we explore the literature on GNNs and how they are applied in social network modeling for forensic purposes. We conclude by discussing the key challenges in the field and suggest future research directions.

engineering, electrical & electronic,computer science, information systems,physics, applied

Peifeng Ni,Quanxiu Wang

DOI: https://doi.org/10.1080/08839514.2022.2137630

IF: 2.777

2022-11-05

Applied Artificial Intelligence

Abstract:In recent years, contactless fraud crimes via telecommunication and Internet have grown rapidly. Meanwhile, the rate of solved criminal cases is much lower, which is mainly due to two reasons. Firstly, the definition of risk factors in the field of new Internet and telecommunication fraud crime is not comprehensive, resulting in the problem not being well defined. Secondly, Internet fraud crime information is mostly recorded using natural language with huge volume, and there is a lack of automated and intelligent way to deeply analyze and extract the risk factor. To better analyze the Internet and telecommunication fraud crime to help solve more cases, in this paper, we propose a new Internet and telecommunication fraud crime risk factor extraction system. After studying the existing related research, we propose a novel risk factor extraction technology based on BERT. This novel technology can gracefully deal with multi-sources and heterogeneous data problems during the extraction of risk factors in multiple dimensions; meanwhile, it can significantly reduce the need for computation resources and improve the online serving performance. After experimentation, this technique can significantly reduce training time by 60%-70%, and meanwhile, it can reduce the computation resources by 80% and improve serving performance by 5 times during serving. In our approach, we propose a novel approach to set sample weight and loss weight based on data characteristics and data distribution during model training, which can significantly improve extraction precision. With adjusting the sample weight during model training, we can get 1.56% precision improved. Moreover, setting the loss weight during model training, the precision can be improved by 1.63% compared to baseline mode.

computer science, artificial intelligence,engineering, electrical & electronic

Xiaoyu Du,Mark Scanlon

DOI: https://doi.org/10.1145/3339252.3340517

2019-07-02

Abstract:The ever increasing volume of data in digital forensic investigation is one of the most discussed challenges in the field. Usually, most of the file artefacts on seized devices are not pertinent to the investigation. Manually retrieving suspicious files relevant to the investigation is akin to finding a needle in a haystack. In this paper, a methodology for the automatic prioritisation of suspicious file artefacts (i.e., file artefacts that are pertinent to the investigation) is proposed to reduce the manual analysis effort required. This methodology is designed to work in a human-in-the-loop fashion. In other words, it predicts/recommends that an artefact is likely to be suspicious rather than giving the final analysis result. A supervised machine learning approach is employed, which leverages the recorded results of previously processed cases. The process of features extraction, dataset generation, training and evaluation are presented in this paper. In addition, a toolkit for data extraction from disk images is outlined, which enables this method to be integrated with the conventional investigation process and work in an automated fashion.

Cryptography and Security,Machine Learning

Faisal S. Alsubaei,Abdulwahab Ali Almazroi,Nasir Ayub

DOI: https://doi.org/10.1109/access.2024.3351946

IF: 3.9

2024-01-01

IEEE Access

Abstract:Protecting against interference is essential at a time when wireless communications are essential for sending large amounts of data. Our research presents a novel deep learning technique, the ResNeXt method and embedded Gated Recurrent Unit (GRU) model (RNT), rigorously developed for real-time phishing attack detection. Focused on countering the escalating threat of phishing assaults and bolstering digital forensics, our systematic approach involves SMOTE for managing data imbalance during initial data processing. The model’s discriminative capability is improved, particularly in the feature extraction process, when autoencoders and ResNet (EARN) are integrated with feature engineering. The ensemble technique of feature extraction reveals crucial data patterns. At the core of our AI categorization is the RNT model, optimized using hyperparameters through the Jaya optimization method (RNT-J). Rigorously tested on real phishing attack datasets, our AI model consistently outperforms state-of-the-art algorithms by a substantial margin of 11% to 19% while maintaining exceptional computing efficiency. Furthermore, our model achieves 98% accuracy, low false positive/false negative values, and a statistical execution time with a mean of 36.99s, median of 35.99s, minimum of 34.99s, maximum of 41.99s, and a standard deviation of 1.10s. Moreover, it demonstrates superior accuracy with SMOTE (98%) and without SMOTE (83%) compared to other algorithms. This state-of-the-art AI study, which focuses on digital forensics, offers enhanced security and optimized productivity for businesses and industries, signifying a breakthrough in the continuing battle against phishing attempts. Through strengthening protection against interference in wireless communication, our AI research strives to amplify data accessibility, resilience, and trustworthiness in the face of cybersecurity threats within the organizational context.

computer science, information systems,telecommunications,engineering, electrical & electronic

Li Lin,Xuanyu Liu,Xiao Fu,Bin Luo,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/icc42927.2021.9500679

2021-01-01

Abstract:With the rapid development of the Internet of Things technology, smart speakers have become increasingly popular. However, smart speaker security is an ensuing threat. At present, smart speakers are activated by voice, and they monitor users’ voices 24 hours per day. Consequently, there may be problems with user privacy leakage. In this paper, we propose a non-intrusive digital forensic method for smart speakers. The main contribution of the paper is an effective method of combining network traffic analysis with the extraction of user intent and alarms about abnormal network traffic to support the investigation of security. We use Xiaomi smart speakers as an example in an experiment to verify our forensic method. The evaluation results show that our method works well for detecting security risks.

Soliman Abd Elmonsef Sarhan,Hassan A. Youness,Ayman M. Bahaa-Eldin,Ayman Elsayed Taha

DOI: https://doi.org/10.1109/access.2024.3352897

IF: 3.9

2024-01-01

IEEE Access

Abstract:Digital forensics is a prime professional field for law enforcement organizations. This is a major active research topic in the field of cybersecurity. Although traffic and content analysis are leading tasks in this field, most Internet traffic is now encrypted, rendering traditional content analysis impossible. Instant messaging (IM) applications have become increasingly popular for communication between individuals and groups. However, IM conversations can be used for illicit activities such as planning criminal activities or exchanging sensitive information. In such cases, law enforcement agencies may need to perform VoIP forensics to identify suspects involved in the conversations. This study proposes a network forensic approach (NFA) for correlating IM calls to identify suspects’ IP addresses. This approach involves capturing and analyzing IM call data, correlating the data with other network traffic, and using the correlation to identify suspects’ IP addresses. The proposed approach was tested on real-world IM call data and yielded promising results. The network forensics approach for VoIP is superior to other approaches that require physical access to end-user devices, making NFA suitable for early crime detection and in situations where the devices may have been destroyed or burnt. The proposed method achieved a success rate of 92.5% for identifying voice IM calls and providing information about the participants involved in the calls.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kuo Zhao,Huajian Zhang,Jiaxin Li,Qifu Pan,Li Lai,Yike Nie,Zhongfei Zhang

DOI: https://doi.org/10.3390/e26070579

2024-07-07

Abstract:The rapid evolution of computer technology and social networks has led to massive data generation through interpersonal communications, necessitating improved methods for information mining and relational analysis in areas such as criminal activity. This paper introduces a Social Network Forensic Analysis model that employs network representation learning to identify and analyze key figures within criminal networks, including leadership structures. The model incorporates traditional web forensics and community algorithms, utilizing concepts such as centrality and similarity measures and integrating the Deepwalk, Line, and Node2vec algorithms to map criminal networks into vector spaces. This maintains node features and structural information that are crucial for the relational analysis. The model refines node relationships through modified random walk sampling, using BFS and DFS, and employs a Continuous Bag-of-Words with Hierarchical Softmax for node vectorization, optimizing the value distribution via the Huffman tree. Hierarchical clustering and distance measures (cosine and Euclidean) were used to identify the key nodes and establish a hierarchy of influence. The findings demonstrate the effectiveness of the model in accurately vectorizing nodes, enhancing inter-node relationship precision, and optimizing clustering, thereby advancing the tools for combating complex criminal networks.

Abdullah Ayub Khan,Xuzhuo Zhang,Fahima Hajjej,Jing Yang,Chin Soon Ku,Lip Yee Por

DOI: https://doi.org/10.1016/j.heliyon.2023.e23254

IF: 3.776

2023-12-03

Heliyon

Abstract:Ambient Intelligence is a concept that relates to a new paradigm of pervasive computing and has the objective of automating responses from the system to humans without any human intervention. In social media forensics, gathering, analyzing, storing, and validating relevant evidence for investigation in a heterogeneous environment is still questionable. There is no hierarchy for automation, even though standardization and secure processes from data collection to validation have not yet been discussed. This poses serious issues for the current investigation procedures and future evidence chain of custody management. This paper contributes threefold. First, it proposes a framework using a blockchain network with a dual chain of data transmission for privacy protection, such as on-chain and off-chain. Second, a protocol is designed to detect and separate local and global cyber threats and undermine multiple federated principles to personalize search space broadly. Third, this study manages personalized updates by means of optimizing backtracking parameters and automating replacements, which directly affects the reduction of negative influence on the social networking environment in terms of imbalanced and distributed data issues. This proposed framework enhances stability in digital investigation. In addition, the simulation uses an extensive social media dataset in different cyberspaces with a variety of cyber threats to investigate. The proposed work outperformed as compared to traditional single-level personalized search and other state-of-the-art schemes.

Wei Dong,Shaoyi Liao,Zhongju Zhang

DOI: https://doi.org/10.1080/07421222.2018.1451954

IF: 7.582

2018-04-03

Journal of Management Information Systems

Abstract:Corporate fraud can lead to significant financial losses and cause immeasurable damage to investor confidence and the overall economy. Detection of such frauds is a time-consuming and challenging task. Traditionally, researchers have been relying on financial data and/or textual content from financial statements to detect corporate fraud. Guided by systemic functional linguistics (SFL) theory, we propose an analytic framework that taps into unstructured data from financial social media platforms to assess the risk of corporate fraud. We assemble a unique data set including 64 fraudulent firms and a matched sample of 64 nonfraudulent firms, as well as the social media data prior to the firm’s alleged fraud violation in Accounting and Auditing Enforcement Releases (AAERs). Our framework automatically extracts signals such as sentiment features, emotion features, topic features, lexical features, and social network features, which are then fed into machine learning classifiers for fraud detection. We evaluate and compare the performance of our algorithm against baseline approaches using only financial ratios and language-based features respectively. We further validate the robustness of our algorithm by detecting leaked information and rumors, testing the algorithm on a new data set, and conducting an applicability check. Our results demonstrate the value of financial social media data and serve as a proof of concept of using such data to complement traditional fraud detection methods.

information science & library science,management,computer science, information systems