A survey and research challenges of anti-forensics: Evaluation of game-theoretic models in simulation of forensic agents' behaviour

Hasanabadi Saeed Shafiee; Lashkari Arash Habibi; Ghorbani Ali A.

首页> 外文期刊>Digital investigation >A survey and research challenges of anti-forensics: Evaluation of game-theoretic models in simulation of forensic agents' behaviour

【24h】

A survey and research challenges of anti-forensics: Evaluation of game-theoretic models in simulation of forensic agents' behaviour

机译：反上取证的调查与研究挑战：对法医代理行为模拟的游戏理论模型评价

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Digital forensic investigators' aim is identifying, collecting and presenting reliable, accurate, and admissible evidence in court. However, anti-forensics manipulate, obfuscate, hide, and remove the remaining piece of evidence in a compromised system. Anti-forensics interrupt investigation procedures; thus, the investigators require specific defensive strategies (counter-anti-forensics) against antiforensics. This paper mounts a survey to explore existing anti-forensic research, and constitute a taxonomy on behaviour of anti-forensics and another taxonomy on further research tasks of anti-forensics.The knowledge of interactions between forensic agents' (an investigator and an attacker) in a forensic environment helps the investigator to evaluate the existing counter-anti-forensics, and enables him/her to design and develop more advanced counter-anti-forensics. Therefore, in this paper, first, we formulate a set of characteristics to model interactions between the attacker and the investigator (players) in a realistic forensic environment. Next, we propose a game-theoretic approach to model the players' interactions. The attacker uses anti-forensics (i.e. rootkits) and the investigator employs counter-antiforensics (i.e. anti-rootkits). We select and evaluate a set of game-theoretic models and algorithms to simulate the players' interactions. Results of the evaluation show that a gradient play algorithm has satisfactory performance, among the selected game-theoretic models and algorithms to simulate the interactions in the forensic environment. The gradient play algorithm identifies the investigator's most stable and desired strategies after spending 10.0E-4 s and consuming 5.8 KB. (C) 2020 Elsevier Ltd. All rights reserved.

机译：数字法医调查员的目标是在法庭上识别，收集和呈现可靠，准确和可接受的证据。但是，在受损系统中操纵，混淆，隐藏和删除剩余证据的反对。反上取证中断调查程序;因此，调查人员需要针对抗足病症的特定防御策略（反抗类药物）。本文安装了一项调查探讨了现有的反法医研究，并构成了对反上取证的行为和另一个分类物的分类，以及关于反对学的进一步研究任务的分类。法医代理人（调查员和攻击者）之间的相互作用。在法医环境中，有助于调查人员评估现有的反抗证，并使他/她能够设计和开发更先进的反抗取证。因此，在本文中，首先，我们制定一组特征来在现实的法医环境中模拟攻击者和调查员（球员）之间的相互作用。接下来，我们提出了一种模拟玩家互动的游戏理论方法。攻击者使用抗真菌（即Rootkits），研究者采用反抗真菌剂（即抗rootkits）。我们选择并评估一组游戏理论模型和算法以模拟播放器的交互。评估结果表明，梯度播放算法具有令人满意的性能，在所选择的游戏理论模型和算法中，以模拟法医环境中的交互。梯度播放算法在支出10.0E-4 S和消耗5.8 kB后识别调查员最稳定和最稳定的策略。（c）2020 elestvier有限公司保留所有权利。

著录项

来源
《Digital investigation》 |2020年第12期|301024.1-301024.16|共16页
作者
Hasanabadi Saeed Shafiee; Lashkari Arash Habibi; Ghorbani Ali A.;
展开▼
作者单位

Univ New Brunswick UNB Canadian Inst Cybersecur Fredericton NB Canada;

Univ New Brunswick UNB Canadian Inst Cybersecur Fredericton NB Canada;

Univ New Brunswick UNB Canadian Inst Cybersecur Fredericton NB Canada;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Anti-forensics; Counter-anti-forensics; Digital forensics; Forensic environment; Game theory; Fictitious play; Gradient play; Bayesian game theory; Evolutionary game theory;

机译：反上取证;反抗取证;数字取证;法医环境;博弈论;虚构的游戏;梯度播放;贝叶斯博弈论;进化博弈论;

相似文献

外文文献
中文文献
专利

1. Toward Understanding the Challenges and Countermeasures in Computer Anti-Forensics [J] . Kamal Dahbur, Bassil Mohammad International journal of cloud applications and computing . 2011,第3期

机译：理解计算机取证的挑战与对策
2. A Multi-purpose countermeasure against image anti-forensics using autoregressive model [J] . Zeng Hui, Kang Xiangui, Peng Anjie Neurocomputing . 2016,第maya12期

机译：基于自回归模型的图像反取证多功能对策
3. An initial agent behaviour modelling and definition methodology as applied to unmanned aerial vehicle simulations [J] . William E. Marsh, Raymond R. Hill International Journal of Simulation & Process Modelling . 2008,第2期

机译：初始代理行为建模和定义方法，应用于无人机模拟
4. Policy evaluation by analysing population emergent behaviour with a microsimulation and multi agent based model [C] . Karandeep Singh Brar, Mazhar Sajjad, Chang-Won Ahn International Symposium on Agents, Multi-Agent Systems and Robotics . 2015

机译：通过使用微观模拟和基于多主体的模型分析人口紧急行为进行政策评估
5. Machine Learning Techniques for Forensic Camera Model Identification and Anti-forensic Attacks [D] . Chen, Chen. 2019

机译：用于法医相机模型识别和反务攻击的机器学习技术
6. Colloquium PaperAdaptive Agents Intelligence and Emergent Human Organization: Capturing Complexity through Agent-Based Modeling: Invariance and universality in social agent-based simulations [O] . Claudio Cioffi-Revilla 2002

机译：座谈会论文自适应智能体情报和新兴人类组织：通过基于智能体的建模捕获复杂性：基于社会智能体的模拟中的不变性和普遍性
7. Anti-Forensic Threat Modeling [O] . Bruno Hoelz, Marcelo Maues 2017

机译：反务威胁建模

A survey and research challenges of anti-forensics: Evaluation of game-theoretic models in simulation of forensic agents' behaviour

摘要

著录项

相似文献

相关主题

期刊订阅