An automated malicious host recognition model in cloud forensics

Abstract

Cloud forensics is the new emerging science where traditional digital forensics methodology and cloud computational intelligence have been blended in such a way that all the malicious cloud criminals can be identified and punished in a justified manner. The distributed and black-box architecture of the cloud has faded the concept of examining each and every local host to identify proper malicious actors. Here, an obvious demand of an automated criminal recognition model has come into play. This paper mainly focuses on this legitimate demand of cloud forensic investigators by proposing a Cloud Malicious Actor Identifier model. This model identifies the malicious actors related to a particular crime scene and ranks them according to their probability of being malicious using a very well-known machine learning technique, Boosting. The main purpose of this model is to mitigate the overhead of probing each and every IP address while investigation. The performance evaluation of the proposed model has also been explained with logical explanation and achieved output.