This book constitutes the refereed proceedings of the 13th EAI International Conference on Practical Aspects of Digital Forensics and Cyber Crime, ICDF2C 2022, held in Boston, MA, during November 16-18, 2022.
The 28 full papers included in this book were carefully reviewed and selected from 80 submissions. They were organized in topical sections as follows: Image Forensics; Forensics Analysis; spread spectrum analysis; traffic analysis and monitoring; malware analysis; security risk management; privacy and security.

nexusstc/Digital Forensics and Cyber Crime/7856407618eca56d359026e4a2fa4722.pdf

lgli/1924..pdf

lgrsnf/1924..pdf

zlib/Computers/Security/Sanjay Goel, Pavel Gladyshev, Akatyev Nikolay, George Markowsky, Daryl Johnson/Digital Forensics and Cyber Crime_25432265.pdf

Sanjay Goel,Pavel Gladyshev,Akatyev Nikolay,George Markowsky,Daryl Johnson,Ozgur Akan,Paolo Bellavista,Jiannong Cao,Geoffrey Coulson,Falko Dressler,Domenico Ferrari,Mario Gerla,Hisashi Kobayashi,Sergio Palazzo,Sartaj Sahni,Xuemin Shen,Mircea Stan,Xiaohua Jia,Albert Y. Zomaya

Springer Nature Switzerland AG

Springer Nature, Cham, Switzerland, 2023

Switzerland, Switzerland

producers:
Springer-i

{"content":{"parsed_at":1715411095,"parser":{"name":"textparser","version":"0.1.129"},"source":{"name":"grobid","version":"0.8.0"}},"isbns":["3031365739","9783031365737"],"last_page":486,"publisher":"Springer"}

Preface
Organization
Contents
Image Forensics
Image-to-Image Translation Generative Adversarial Networks for Video Source Camera Falsification
1 Introduction
2 Related Work
3 Background
3.1 Video Source Camera Identification Network
3.2 Generative Adversarial Networks (GANs)
4 Methodology
4.1 Selecting GAN Network
4.2 GAN Architecture
5 Evaluation Results
5.1 Dataset
5.2 Experiments
6 Conclusion and Future Work
References
Towards Efficient On-Site CSAM Triage by Clustering Images from a Source Point of View
1 Introduction
2 Foundations
2.1 Computer Forensics Field Triage Process Model
2.2 Metadata
2.3 Clustering with UMAP
3 Related Work
4 Clustering Concept and Its Prototype
4.1 Clustering Concept
4.2 Proof of Concept
5 Experimental Results
5.1 Clustering the Original FOIDB Images
5.2 Clustering FOIDB After Anti-forensic Actions
6 Evaluation
7 Conclusion and Future Work
References
Can Image Watermarking Efficiently Protect Deep-Learning-Based Image Classifiers? – A Preliminary Security Analysis of an IP-Protecting Method
1 Introduction
2 Related Work
2.1 Protecting Deep Neural Network (DNN) Models from Copyright Infringements
2.2 Whole-Image Steganography and Steganalysis
3 Enhancing a Blind-Watermarking-Based IP Protection Technique (ACSAC19) for DNN Image Classifiers
3.1 Re-examining the Original End-to-End Blind-Watermarking Method (ACSAC19) for DNN Image Classifier Protection
3.2 Enhancing a Blind-Watermarking-Based IP Protection Technique (ACSAC19) for DNN Image Classifiers
4 A Preliminary Security Analysis of Our Enhanced Blind-Watermarking-Based IP Protection Techniques for DNN Image Classifiers
5 Launching Evasion Attacks on Blind-Watermarking-Based Image Classifier Protection Techniques
6 Launching Spoofing Attacks on Blind-Watermarking-Based Image Classifier Protection Techniques
7 Launching Robustness Attacks on Blind-Watermarking-Based Image Classifier Protection Techniques
8 Conclusion and Future Work
References
Forensic Analysis and Artifact Detection
Digital Forensics Tool Evaluation on Deleted Files
1 Introduction
2 Related Work
3 Methodology
3.1 Environment Preparation
3.2 Data Creation
3.3 Data Population and Collection
3.4 Data Processing and Analysis
4 Discussion of the Results and Analysis
4.1 First Image - Base Image
4.2 Second Image - After Delete
4.3 Third Image - After Delete and Idle
4.4 Fourth Image - After Delete and Web Browsing
4.5 Fifth Image - After Delete and Download
4.6 Persistence of Deleted Files
5 Conclusion and Future Works
A Appendix - Hash Values of the Created Files
B Appendix - Microsoft Edge Browsing History
References
Forensic Analysis of Webex on the iOS Platform
1 Introduction
2 Literature Review
3 Methodology
3.1 Data Population
3.2 Data Extraction
3.3 Data Analysis
4 Results and Findings
4.1 Application Information
4.2 User Data
4.3 Meeting Data
4.4 Interactions During Meeting Session
5 Conclusion and Future Work
References
Watch Your WeChat Wallet: Digital Forensics Approach on WeChat Payments on Android
1 Introduction
2 Literature Review
2.1 WeChat Payment Feature Analysis
2.2 WeChat Analysis on Android
2.3 WeChat Database Decryption
3 Methodology
3.1 Test Environment and Requirements
3.2 Device Preparation
3.3 Data Creation
3.4 Data Acquisition
3.5 Forensic Analysis
4 Results
4.1 Registered Credit Card
4.2 Money Transaction with Friends
4.3 Money Transaction with Corporate Account
4.4 Money Transaction with Services Function
4.5 Full Transaction History
5 Conclusion and Future Work
References
Crypto Wallet Artifact Detection on Android Devices Using Advanced Machine Learning Techniques
1 Introduction
2 Related Work
3 Framework for Cryptocurrency Wallet Application Analysis
3.1 Overview
3.2 Android File System Analysis
3.3 Detecting Crypto Related Images
3.4 Detecting Crypto Related Browser History
4 Evaluation
4.1 Data Extraction
4.2 Crypto Wallet Application Analysis Results
4.3 Crypto Related Image Analysis Results
4.4 Browser History Analysis Results
5 Conclusion
References
Spread Spectrum Analysis
CSCD: A Cyber Security Community Detection Scheme on Online Social Networks
1 Introduction
2 Related Work
2.1 Security-Related Account Recognition on OSNs
2.2 Security-Related Community Detection on OSNs
3 Research Goal
4 Methodology
4.1 Overview of Proposed Scheme
4.2 Data Collection and Pre-processing
4.3 Security-Related Account Recognition
4.4 Overlapping Community Detection
5 Evaluation and Case Study
5.1 Experiment Design
5.2 Dataset
5.3 Experiment and Results
5.4 Case Study of a Sample Sub-Community
6 Conclusion and Future Work
6.1 Conclusion
6.2 Future Work
References
Shedding Light on Monopoly: Temporal Analysis of Drug Trades
1 Introduction
1.1 Motivation
1.2 Problem Statement
1.3 Selection of Monopoly Market
1.4 Contribution
2 State of the Art
2.1 Typology of Dark Marketplaces
2.2 Monetising Models
3 Dataset
3.1 Content Description
3.2 Metrics
4 Evaluation
5 Conclusion
A Figures
References
Extracting Spread-Spectrum Hidden Data Based on Better Lattice Decoding
1 Introduction
2 Preliminaries
2.1 SS Embedding and Legitimate Extraction
2.2 Blind SS Extraction
2.3 Lattice Decoding
3 The Proposed Method
3.1 M-ISIC
3.2 Performance Analysis
3.3 Unknown Number of Signatures
3.4 Computational Complexity
4 Experimental Studies
4.1 Known Number of Carriers
4.2 Unknown Number of Carriers
5 Conclusions
A The Equivalence of GLS and ZF
References
Traffic Analysis and Monitoring
MQTT Traffic Collection and Forensic Analysis Framework
1 Introduction
2 Related Work
3 MQTT Traffic Collection and Analysis Methodology
3.1 Testbed Implementation
3.2 MQTT Protocol Implementation
3.3 MQTT Network-Based Forensic Framework
3.4 Attack Detection
3.5 Technology Stack
4 Experiment
4.1 Unauthorised Subscription Detection
4.2 Denial of Service Attack Detection
4.3 Brute Force Attack Detection
4.4 Zigbee2MQTT Devices Inactivity Detection
4.5 Real-Time Detection Experiment
5 Conclusion and Future Work
References
IoT Malicious Traffic Detection Based on FSKDE and Federated DIOT-Pysyft
1 Introduction
2 Related Work
3 The IoT Malicious Traffic Detection Based on FSKDE and Federated DIOT-Pysyft
3.1 Data Preprocessing
3.2 The Feature Selection Based on FSKDE
3.3 The Traffic Detection Based on Federated DIOT-Pysyft
4 Experiment and Result Analysis
4.1 Experimental Design
4.2 Evaluation Metrics
4.3 Experimental Evaluation
5 Conclusion
References
Crime and Incident Watch for Smart Cities: A Sensor-Based Approach
1 Introduction
2 Related Work
3 The Proposed Approach and Methods
3.1 The Concept of SBCI-Watch
3.2 Experiment and Results
4 Conclusion and Future Work
References
Malware Analysis
The Lightweight Botnet Detection Model Based on the Improved UNet
1 Introduction
2 Related Works
3 Methodology
3.1 1D-UNet for Botnet Detection
3.2 1DL-UNet for Botnet Detection
4 Experiments and Result Analysis
4.1 Configurations, Data Processing and Evaluation Metrics
4.2 Results and Analysis
5 Conclusions
References
On the Application of Active Learning to Handle Data Evolution in Android Malware Detection
1 Introduction
2 Background Information and Literature Review
2.1 Background Information
2.2 Literature Review
3 Methodology
3.1 Data Set and Data Features
3.2 Workflow and Scenarios
4 Results and Discussion
5 Conclusions
References
Volatility Custom Profiling for Automated Hybrid ELF Malware Detection
1 Introduction
2 Related Work
3 Design and Implementation
3.1 Data Generation
3.2 Feature Engineering
3.3 Classification
4 Experimentation and Results
4.1 Dataset
4.2 Evaluation Metrics
4.3 Results
5 Conclusion and Future Work
References
Security Risk Management
The Need for Biometric Anti-spoofing Policies: The Case of Etsy
1 Introduction
2 Theoretical Background
2.1 Privacy
2.2 Biometric Identification
3 Methodology
3.1 Data Collection
3.2 Privacy Risk Score
3.3 Extracting Fingerprint Data
4 Findings
5 Discussion and Conclusion
5.1 Research Implications
5.2 Practical Considerations
References
VPnet: A Vulnerability Prioritization Approach Using Pointer Network and Deep Reinforcement Learning
1 Introduction
2 Related Literature
3 Materials and Methods
3.1 Overall Framework of VPnet
3.2 Data Pre-processing Module
3.3 Remediation Plan Generating Module
4 Experiments
4.1 Experimental Details
4.2 Results
5 Limitations and Discussion
6 Conclusion
References
Are External Auditors Capable of Dealing with Cybersecurity Risks?
1 Introduction
2 Background
2.1 Cybersecurity Regulations in Accounting
2.2 Auditors’ Role in Cyber Risk
3 Hypotheses
3.1 Personality of Openness
3.2 Risk Attitudes
3.3 Operating Stress
4 Research Methods
4.1 Sample
4.2 Data Collection
4.3 Measurement of Independent Variables
4.4 Measurement of Dependent Variable – Auditors’ Performance in Cybersecurity
4.5 Analysis
5 Results
5.1 Descriptive Statistics
5.2 PLS-Based SEM Analyses
6 Discussion
6.1 Discussion of Findings
6.2 Implications
6.3 Limitations
References
Deep Learning-Based Detection of Cyberattacks in Software-Defined Networks
1 Introduction
2 Related Work
3 Method
3.1 Dataset
3.2 Overview of the Classification Tasks
3.3 Binary Classification
3.4 Multiclass Classification and Dataset Balancing
3.5 Evaluation Criteria
4 Results and Discussion
4.1 Data Pre-processing
4.2 Explotary Data Analysis
4.3 Experimental Results: Binary Classification
4.4 Results of Intrusion Type Classification and Data Balancing
5 Conclusion
References
Deep Learning Based Network Intrusion Detection System for Resource-Constrained Environments
1 Introduction
1.1 Contribution of This Work
2 Related Work
3 Methodology
3.1 Dilated Causal Neural Network Architecture
3.2 Dataset Description
4 Experiments and Results
4.1 Experiments
4.2 Experimental Results
4.3 Discussion
5 Conclusion
5.1 Future Work
References
Poisoning-Attack Detection Using an Auto-encoder for Deep Learning Models
1 Introduction
2 Threat Model and Attacks
2.1 Threat Model
2.2 Considered PA attacks
2.3 Fine-Tuning
3 Auto-encoder Solution for Detecting Model Poisoning Attack
3.1 Auto-encoder Based Anomaly Detection
3.2 Proposed Method
4 Experimental Results
4.1 Datasets and Target Models
4.2 Experimentations
4.3 Evaluation
5 Conclusion and Perspectives
References
Privacy and Security
Attribute-Based Proxy Re-encryption with Privacy Protection for Message Dissemination in VANET
1 Introduction
2 Preliminaries
2.1 Linear Secret Sharing Schemes
2.2 Attribute-Based Proxy Re-encryption
2.3 Communication Model
2.4 Security Requirement
3 The Proposed Scheme
3.1 System Initialization
3.2 Key Generation
3.3 Message Encryption
3.4 Message Verification
3.5 Message Re-encryption
3.6 Message Decryption
4 Security Analysis
5 Performance Evaluation and Comparison
5.1 Functionality Comparison
5.2 Computation Cost Evaluation
6 Conclusion
References
PBPAFL: A Federated Learning Framework with Hybrid Privacy Protection for Sensitive Data
1 Introduction
2 Methodology
2.1 Overview
2.2 Federated Learning
2.3 Privacy-Preserving Mechanisms in Federated Learning
2.4 Privacy Budget Parameter Adaptive Federated Learning
3 Experimental Setup
3.1 Experimental Dataset
3.2 Model Evaluation Metrics
3.3 Convolutional Neural Network
3.4 Privacy Budget Parameters and Evaluation Methodology
3.5 Experimental Procedure
4 Experimental Results
4.1 Performance Analysis
4.2 Summary of Findings
5 Discussion
6 Conclusion
References
Cyber Crime Undermines Data Privacy Efforts – On the Balance Between Data Privacy and Security
1 Introduction
2 Related Work
2.1 Data Protection Related Work
2.2 Data Exfiltration Related Work
3 Relevant Articles of GDPR and Associated Guidelines
3.1 Relevant Articles of GDPR
3.2 edpb Guidelines 2021/01 Version 2.0
4 Sample Attack Vectors for Balancing GDPR in Case of Data Exfiltration
4.1 Protocol Use Pattern Analysis
4.2 Misuse of HTTP/2 Protocol as One Example of Many
4.3 Malicious Reconfiguration of an E-Mail Client
5 Balancing GDPR Requirements Against the Hazards
6 Conclusion and Future Work
References
Automating the Flow of Data Between Digital Forensic Tools Using Apache NiFi
1 Introduction
2 Backgrounds
2.1 Digital Forensic Challenges
2.2 Digital Forensics: Tools and Techniques
2.3 Use of Apache NiFi in Research
2.4 Summary
3 Methodology
3.1 Overview
3.2 Design a NiFi DataFlow for Digital Evidence Data Processing
3.3 NiFi Processors for Auto-Detecting and Fetching Data
3.4 NiFi Processors for Auto-Examine and Analysis of Data
3.5 Benefits of Using NiFi in Digital Forensics
3.6 Summary
4 Use Cases
4.1 File Carving
4.2 Data Extraction from Disk Images
4.3 NSRL Hash Lookup
4.4 Categorising Files by MIME Type
4.5 IoT Sources Ingestion
4.6 Summary
5 Experiments and Results
5.1 Test Data
5.2 Experiment Environment Setup
5.3 Experiments and Results
6 Conclusion
6.1 Future Work
References
Android Mobile Terminal Security Assessment Based on Analytical Hierarchy Process (AHP)
1 Introduction
2 Security Metrics and Scoring for Android Mobile Terminals
2.1 REE Security Metrics and Scoring
2.2 TEE Security Metrics and Scoring
2.3 Hardware Security Metrics and Scoring
2.4 Communication Security Metrics and Scoring
2.5 Summary of Security Metrics and Scoring
3 Determining Relative Weights of Security Metrics Based on AHP
4 An Architecture for Android Mobile Terminal Security Assessment System
4.1 Main Components of Functional Architecture
4.2 Procedure of Mobile Terminal Security Assessment
5 Implementation and Evaluation
5.1 Conducting Mobile Terminal Security Assessment for Mobile Payment
5.2 Evaluation
5.3 Limitation
6 Conclusion and Future Work
References
A General Steganalysis Method of QR Codes
1 Introduction
2 Preliminaries
2.1 QR Code Features
2.2 Steganography Based on QR Codes
3 The Proposed Method
3.1 The Steganalysis Method for QR Codes
3.2 Theoretical Analysis
4 Experimental Results and Comparison
5 Conclusion
References
Author Index

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Erscheinungsdatum: 16.07.2023

2023-07-19