Artificial immune intelligence-inspired dynamic real-time computer forensics model

Abstract

Dynamic computer forensics is a popular area in computer forensics that combines network intrusion technology with computer forensics technology. A novel dynamic computer forensics model is proposed based on an artificial immune system. Simulating the artificial immune mechanism, the definitions of self, non-self, and immunocyte in the network transactions are given. Then, detailed evolution processes for immature detectors, mature detectors, and memory detectors are given. Realtime network risk evaluation equations are constructed, which can compute the risk of each type of network attack. Finally, computer forensics is accomplished according to the real-time network risk. The immune cells dynamically capture the real-time computer system status of the invading antigen, including CPU utilization, memory utilization, network bandwidth utilization status, etc. Theoretical analysis and comparative experimental results demonstrate that the proposed model improves the realtime efficiency and performance with low technical requirements for technicians compared with existing models.