A tool for assisting in the forensic investigation of cyber-security incidents

The exponential growth of networking capabilities, including the Internet of Things (IoT), has led to a surge of cyber-attacks. Many well-documented cyber-attacks have targeted critical energy infrastructures as well as cloud-based IT platforms of every kind. Early examination of critical systems' vulnerabilities, as well as of previous cyber-security incidents, is of utmost importance for preventing new ones. A thorough investigation of the context of a cyber-security breach can reveal facts about the source of the attack, the profile of the attacker, and the resources and skills required, and can further reveal mitigations that prevent the attack from reappearing in the future. To safeguard critical energy infrastructures, many forensic approaches have been developed to collect, analyze, and digitize evidence, assisting in the in-depth investigation of an incident. However, the many open-source vulnerability data sources that have been developed to provide valuable information about cyber-attacks have so far not been employed to assist in forensic investigation. This paper introduces the Automated Forensic Tool, a platform that employs machine learning algorithms to combine different vulnerability data sources in order to facilitate the forensic procedure while minimizing the time and effort needed. A use case is also demonstrated that shows how the tool can be used to assist the forensic investigation of cyber-security incidents in an energy infrastructure; the tool can also be applied to other critical energy and IT infrastructures with minor adaptations.
