Seeing the invisible: forensic uses of anomaly detection and machine learning

Authors:
Federico Maggi;Stefano Zanero;Vincenzo Iozzo
Affiliations:
Politecnico di Milano, Milano, Italy;Politecnico di Milano, Milano, Italy;Politecnico di Milano, Milano, Italy
Venue:
ACM SIGOPS Operating Systems Review
Year:
2008

Citing 17
Cited 1

Data mining: concepts and techniques

Data mining: concepts and techniques
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Detection and classification of intrusions and faults using sequences of system calls

ACM SIGMOD Record
Intrusion Detection via System Call Traces

IEEE Software
Applications of Hidden Markov Models to Detecting Multi-Stage Network Attacks

HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Remembrance of Data Passed: A Study of Disk Sanitization Practices

IEEE Security and Privacy
Computer and Intrusion Forensics

Computer and Intrusion Forensics
Markov Chains, Classifiers, and Intrusion Detection

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Anomalous system call detection

ACM Transactions on Information and System Security (TISSEC)
Hiding data, forensics, and anti-forensics

Communications of the ACM
Intrusion detection using sequences of system calls

Journal of Computer Security
Exploring Steganography: Seeing the Unseen

Computer
BodySnatcher: Towards reliable volatile memory acquisition by software

Digital Investigation: The International Journal of Digital Forensics & Incident Response
FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Selecting and Improving System Call Models for Anomaly Detection

DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anti-forensics is the practice of circumventing classical forensics analysis procedures making them either unreliable or impossible. In this paper we propose the use of machine learning algorithms and anomaly detection to cope with a wide class of definitive anti-forensics techniques. We test the proposed system on a dataset we created through the implementation of an innovative technique of anti-forensics, and we show that our approach yields promising results in terms of detection.