
Fuzzy Expert System for Detecting Anti-Forensic Activities  

Kim, Se-Ryoung (Graduate School of Information Security, Korea University)
Kim, Huy-Kang (Graduate School of Information Security, Korea University)
Publication Information
Journal of Internet Computing and Services / v.12, no.5, 2011, pp. 47-61
Abstract
Recently, the importance of digital forensics has been magnified because of the dramatic increase in cyber crimes and the increasing complexity of investigating target systems such as PCs, servers, and database systems. Moreover, some systems have to be investigated with live forensic techniques. However, even though live forensic techniques have improved, they are still vulnerable to anti-forensic activities when the target systems are remotely accessible to criminals or their accomplices. To solve this problem, we first suggest a layer-based model and the anti-forensic scenarios that can actually be applied at each layer. Our suggested model, the Anti-Forensic Activities layer-based model, has 5 layers - the physical layer, network layer, OS layer, database application layer and data layer. Each layer has possible anti-forensic scenarios with detailed commands. Second, we propose a fuzzy expert system for effectively detecting anti-forensic activities. Some anti-forensic activities can hardly be distinguished from normal activities, so we use fuzzy logic to handle such ambiguous data. We make rule sets from the commands and their arguments extracted from the pre-defined scenarios, and the fuzzy expert system learns these rule sets. With this system, anti-forensic activities can be detected in real time while performing live forensics.
Keywords
Anti-forensic; Anti-forensic activity model; live forensic; fuzzy logic; expert system;
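As an added illustration (not code from the paper), the following Python sketches the kind of fuzzy expert system the abstract describes: a scenario table of commands and arguments, two crisp inputs derived from an observed command stream, Mamdani min/max inference over a hand-written rule set with triangular membership functions, and centroid defuzzification into an anti-forensic likelihood. The scenario commands, the rules and the membership ranges are all constructed assumptions, not the paper's actual rule sets.

```python
# Added illustration, not the paper's code: a minimal Mamdani-style fuzzy
# expert system that scores an observed command stream against a
# constructed anti-forensic scenario table. All names and values are assumed.

def tri(x, a, b, c):
    """Triangular membership function with feet at a, c and peak at b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Linguistic terms shared by both inputs and the output (constructed ranges).
LOW, MEDIUM, HIGH = (-0.5, 0.0, 0.5), (0.0, 0.5, 1.0), (0.5, 1.0, 1.5)

# Constructed rule set: (command-match term, argument-match term) -> output term.
RULES = [
    (LOW, LOW, LOW), (LOW, MEDIUM, LOW), (LOW, HIGH, MEDIUM),
    (MEDIUM, LOW, LOW), (MEDIUM, MEDIUM, MEDIUM), (MEDIUM, HIGH, HIGH),
    (HIGH, LOW, MEDIUM), (HIGH, MEDIUM, HIGH), (HIGH, HIGH, HIGH),
]

# Placeholder scenario table: command -> arguments that complete the scenario.
SCENARIOS = {"tool_a": {"-x"}, "tool_b": {"--all"}, "tool_c": {"-q"}}

def features(commands):
    """Crisp inputs from a list of (command, argument) pairs: the share of
    commands found in the scenario table, and the share of those whose argument
    also matches (command-only matches are exactly the ambiguous cases)."""
    if not commands:
        return 0.0, 0.0
    matched = [(c, a) for c, a in commands if c in SCENARIOS]
    arg_hits = sum(1 for c, a in matched if a in SCENARIOS[c])
    return len(matched) / len(commands), (arg_hits / len(matched) if matched else 0.0)

def infer(cmd_match, arg_match, steps=100):
    """Mamdani inference: min for AND, max to aggregate, centroid to defuzzify."""
    xs = [i / steps for i in range(steps + 1)]
    agg = [0.0] * len(xs)
    for cm, am, out in RULES:
        strength = min(tri(cmd_match, *cm), tri(arg_match, *am))
        for i, x in enumerate(xs):
            agg[i] = max(agg[i], min(strength, tri(x, *out)))
    area = sum(agg)
    return sum(x * m for x, m in zip(xs, agg)) / area if area else 0.0

def score(commands):
    """Anti-forensic likelihood in [0, 1] for one observed session."""
    return infer(*features(commands))
```

A session of only unmatched commands scores low, a full scenario match scores high, and a session where scenario commands appear with non-matching arguments lands in between rather than being forced to one side.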