Cyber Forensics Intelligence Center
Permanent URI for this collection: https://hdl.handle.net/20.500.11875/2423
Browsing Cyber Forensics Intelligence Center by Department "Computer Science"
Item: Cloud Forecasting: Legal Visibility Issues in Saturated Environments (Computer Law & Security Review, 2018)
Authors: Brown, Adam J.; Glisson, William Bradley; Andel, Todd R.; Choo, Kim-Kwang Raymond
Abstract: The advent of cloud computing has brought the computing power of corporate data processing and storage centers to lightweight devices. Software-as-a-service cloud subscribers enjoy the convenience of personal devices along with the power and capability of a service. Using logical as opposed to physical partitions across cloud servers, providers supply flexible and scalable resources. Furthermore, the possibility for multitenant accounts promises considerable freedom when establishing access controls for cloud content. For forensic analysts conducting data acquisition, cloud resources present unique challenges. Inherent properties such as dynamic content, multiple sources, and nonlocal content make it difficult for a standard to be developed for evidence gathering in satisfaction of United States federal evidentiary standards in criminal litigation. Development of such standards, while essential for reliable production of evidence at trial, may not be entirely possible given the guarantees to privacy granted by the Fourth Amendment and the Electronic Communications Privacy Act. Privacy of information on a cloud is complicated because the data is stored on resources owned by a third-party provider, accessible by users of an account group, and monitored according to a service level agreement. This research constructs a balancing test for competing considerations of a forensic investigator acquiring information from a cloud.

Item: Identifying stealth malware using CPU power consumption and learning algorithms (Journal of Computer Security, 2018)
Authors: Lucket, Patrick; McDonald, J. Todd; Glisson, William Bradley; Benton, Ryan; Dawson, Joel; Doyle, Blair A.
Abstract: With the increased assimilation of technology into all aspects of everyday life, rootkits pose a credible threat to individuals, corporations, and governments. Using various techniques, rootkits can infect systems and remain undetected for extended periods of time. This threat necessitates the careful consideration of real-time detection solutions. Behavioral detection techniques allow for the identification of rootkits with no previously recorded signatures. This research examines a variety of machine learning algorithms, including Nearest Neighbor, Decision Trees, Neural Networks, and Support Vector Machines, and proposes a behavioral detection method based on low yield CPU power consumption. The method is evaluated on Windows 10, Ubuntu Desktop, and Ubuntu Server operating systems along with employing three different rootkits. Relevant features within the data are calculated and the overall best performing algorithms are identified. A nested neural network is then applied that enables highly accurate data classification. Our results present a viable method of rootkit detection that can operate in real-time with minimal computational and space complexity.