With the increase in the amount of websites and apps that use cloud storage, there is growing concern that information stored in the cloud could be used to aid cybercrimes like child exploitation, illegal drug trafficking and illegal firearm transactions.
Researchers at Purdue have created a potential solution to this with a cloud forensic model that uses machine learning to collect data and evidence of such activities on sites that rely on cloud storage.
The team’s system is able to detect illegal activity on the cloud through deep learning models. It can then report this activity through a forensic evidence collection system.
Fahad Salamh, a graduate student in the Polytechnic Institute that worked with the team, stressed the importance of catching illegal activity on the cloud while it is in motion in a Purdue press release.
“Our technology identifies and analyzes in real time incidents related to these cybercrimes through transactions uploaded to cloud storage applications,” Salamh said.
The system is put into motion when a media file is uploaded to the cloud. From there, the machine learning models scan images and video thumbnails in search of potential evidence of a cybercrime. This can allow companies that provide cloud services to collect logs of suspected criminal activity, block offending accounts and report the crimes to law enforcement authorities based on a request for a cloud search warrant.
The team, led by Marcus Rogers and Umit Karabiyik, professors in the Polytechnic Institute, tested the model with over 1,500 image files and reported a 96% success rate in identifying evidence of criminal activity.
“It is important to automate the process of digital forensic and incident response in order to cope with advanced technology and sophisticated hiding techniques and to reduce the mass storage of digital evidence on cases involving cloud storage applications.” Salamh said.
“Cloud environments challenge investigators in identifying the ownership of uploaded media files because of their network architecture and data processing.”