User attribution based on keystroke dynamics in digital forensic readiness process

Mohlala, Martha; Ikuesan, Richard Adeyemi; Venter, Hein S.

doi:10.1109/ains.2017.8270436

Cited by 16 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors also posit that, while ISO/IEC guidelines may not be application‐specific during the cyber forensic investigation process, it is still important to note that, lack of these processes may easily lead to disregarding potential evidence 44,45 . Notably, important objectives that we present in this paper are as follows: Saving costs by achieving forensic preparedness, forensically sound digital evidence is collected thus the sanctity of this evidence is preserved, the integrity of the collected digital data is also maintained thus increased the chances of admissibility.…”

Section: Discussionmentioning

confidence: 99%

Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

Makura

Venter

Kebande

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent‐based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. The prototype is deployed and executed in cloud instances hosted on OpenStack: the operational cloud environment. The experiments performed in this study show that it is viable to attain DFR in an operational cloud platform. Further observations show that the prototype is capable of harvesting digital data from cloud instances and store the data in a forensic sound database. The prototype also prepares the operational cloud environment to be forensically ready for digital forensic investigations without alternating the functionality of the OpenStack cloud architecture by leveraging the ISO/IEC 27043 guidelines on security monitoring.

show abstract

Section: Discussionmentioning

confidence: 99%

Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

Makura

Venter

Kebande

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…A Decision Tree is one of the most commonly used classification algorithms in the security domain (Berrueta, Morato, Magana, et al, 2019;Molina et al, 2021). Trees provide a rule-based approach to classification, and since security relies on rules, this is often the preferred approach (Adeyemi, Razak, Salleh, et al, 2016;Ernsberger, Ikuesan, Venter, et al, 2017;Mohlala, Ikuesan & Venter, 2018). The parameters used for the DT comprised the quality measure that integrates the Gini Index, with no pruning, and a minimum number of five records per node.…”

Section: Decision Tree (Dt)mentioning

confidence: 99%

Ransomware Detection using Process Memory

Singh

Ikuesan

Venter

2022

iccws

View full text Add to dashboard Cite

Ransomware attacks have increased significantly in recent years, causing great destruction and damage to critical systems and business operations. Attackers are unfailingly finding innovative ways to bypass detection mechanisms, which encouraged the adoption of artificial intelligence. However, most research summarizes the general features of AI and induces many false positives, as the behavior of ransomware constantly differs to bypass detection. Focusing on the key indicating features of ransomware becomes vital as this guides the investigator to the inner workings and main function of ransomware itself. By utilizing access privileges in process memory, the main function of the ransomware can be detected more easily and accurately. Furthermore, new signatures and fingerprints of ransomware families can be identified to classify novel ransomware attacks correctly. The current research used the process memory access privileges of the different memory regions of the behavior of an executable to quickly determine its intent before serious harm can occur. To achieve this aim, several well-known machine learning algorithms were explored with an accuracy range of 81.38% – 96.28%. The study thus confirms the feasibility of utilizing process memory as a detection mechanism for ransomware.

show abstract

“…For example, an FSM can widely be explored after being defined and based on the existing events/stages of CFRaaS, an FSM can be leveraged to determine or to give the probable scenarios that can lead to seamless analysis of a potential security incident based on some forensic hypothesis (Kebande et al, 2019; Adeyemi et al, 2017). [7][8][9][10][11] That notwithstanding, an event-based FSM provides an approach of formally analyzing situations or circumstances through which forensic readiness process-dubbed events from a cloud forensic perspective, could in context be feasibly represented. This, is owing to the fact that, CFRaaS that previously has been described in Kebande and Venter, 12 Kebande and Venter (2019b), 13 and Kebande and Venter 6 is composed of steps/processes/events that have a possibility of being formally analyzed as event-steps from a forensic examination perspective.…”

Section: Motivationmentioning

confidence: 99%

Finite state machine for cloud forensic readiness as a service (CFRaaS) events

Kebande

Choo

2021

Security and Privacy

View full text Add to dashboard Cite

The importance of demonstrating the correctness of forensic analysis tools and automated incident management tools reinforces the need for a finite state machine (FSM) engine that can generate automated forensic processes. Hence, in this paper, we present an event-based FSM representation for Cloud Forensic Readiness as a Service (CFRaaS), where we also show how the FSM's predetermined states and transitions could be used to formulate an automated forensic process and generate a hypothesis for litigation purposes. Specifically, this proposition comprises a two-step level CFRaaS-FSM with possible transitions and states. This representation is useful because it can alert digital forensic investigators on how to deduce current and next state of attacks based on transitions and current states.

show abstract

User attribution based on keystroke dynamics in digital forensic readiness process

Cited by 16 publications

References 21 publications

Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

Ransomware Detection using Process Memory

Finite state machine for cloud forensic readiness as a service (CFRaaS) events

Contact Info

Product

Resources

About