CIT researchers develop system to detect cloud-based cybercrime evidence

An illustration of the machine learning process for detecting evidence of cybercrime in the cloud

The cloud is no longer a good place to hide digital evidence of crimes like child exploitation, illegal drug trafficking and illegal firearm transactions, thanks to research by a doctoral student and professors in Purdue Polytechnic’s Department of Computer and Information Technology.

Fahad Salamh, a doctoral researcher, Marcus Rogers, professor of computer and information technology, and Umit Karabiyik, assistant professor of computer and information technology, have developed a cloud forensic model using machine learning to collect digital evidence related to illegal activities on cloud storage applications like Dropbox and Google Drive.

“It is crucial to detect illegal cloud activities in motion,” said Salamh. “Our technology identifies and analyzes in real time incidents related to these cybercrimes through transactions uploaded to cloud storage applications.”

When a cloud storage application user uploads a media file, the system developed by the research team deploys deep learning models to scan images for signs of cybercrimes and report illegal activities via a forensic evidence collection system. Machine learning helps cloud service providers collect alerted logs, block associated accounts and report them to law enforcement based on a cloud search warrant request.

“It is important to automate the process of digital forensic and incident response in order to cope with advanced technology and sophisticated hiding techniques and to reduce the mass storage of digital evidence on cases involving cloud storage applications,” Salamh said. “Cloud environments challenge investigators in identifying the ownership of uploaded media files because of their network architecture and data processing.”

Read the full Purdue Research Foundation article.
