Artifcial Intelligence and Blockchain in Digital Forensics RIVER PUBLISHERS SERIES IN DIGITAL SECURITY AND FORENSICS Series Editors ANAND R. PRASAD R. CHANDRAMOULI Deloitte Tohmatsu Cyber LLC in, Stevens Institute of Technology, Japan USA ABDERRAHIM BENSLIMANE University of Avignon, France The “River Publishers Series in Security and Digital Forensics” is a series of comprehensive academic and professional books which focus on the theory and applications of Cyber Security, including Data Security, Mobile and Network Security, Cryptography and Digital Forensics. Topics in Prevention and Threat Management are also included in the scope of the book series, as are general business Standards in this domain. Books published in the series include research monographs, edited volumes, handbooks and text- books. The books provide professionals, researchers, educators, and advanced students in the feld with an invaluable insight into the latest research and developments. Topics covered in the series include- • Blockchain for secure Transactions • Cryptography • Cyber Security • Data and App Security • Digital Forensics • Hardware Security • IoT Security • Mobile Security • Network Security • Privacy • Software Security • Standardization • Threat Management For a list of other books in this series, visit www.riverpublishers.com Artifcial Intelligence and Blockchain in Digital Forensics Editors P. Karthikeyan National Chung Cheng University, Taiwan Hari Mohan Pandey Bournemouth University, United Kingdom Velliangiri Sarveshwaran SRM Institute of Science and Technology, India River Publishers Published 2023 by River Publishers River Publishers Alsbjergvej 10, 9260 Gistrup, Denmark www.riverpublishers.com Distributed exclusively by Routledge 4 Park Square, Milton Park, Abingdon, Oxon OX14 4RN 605 Third Avenue, New York, NY 10017, USA Artifcial Intelligence and Blockchain in Digital Forensics / P. Karthikeyan, Hari Mohan Pandey and Velliangiri Sarveshwaran. ©2023 River Publishers. All rights reserved. No part of this publication may be reproduced, stored in a retrieval systems, or transmitted in any form or by any means, mechanical, photocopying, recording or otherwise, without prior written permission of the publishers. Routledge is an imprint of the Taylor & Francis Group, an informa business ISBN 978-87-7022-688-2 (print) ISBN 978-10-0084-806-9 (online) ISBN 978-1-003-37467-1 (ebook master) While every effort is made to provide dependable information, the publisher, authors, and editors cannot be held responsible for any errors or omissions. Contents Preface xv Acknowledgment xvii List of Contributors xix List of Figures xxiii List of Tables xxvii List of Abbreviations xxix 1 Digital Forensics Meets AI: A Game-changer for the 4th Industrial Revolution 1 S.Malhotra 1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Digital Forensics. . . . . . . . . . . . . . . . . . . . . . . . 2 1.2.1 Growing need for digital forensics . . . . . . . . . . 4 1.2.2 Process of digital forensics . . . . . . . . . . . . . . 5 1.2.3 Advantages offered and limitations confronted by digital forensics . . . . . . . . . . . . . . . . . . . . 6 1.3 AI and Digital Forensics. . . . . . . . . . . . . . . . . . . . 6 1.3.1 Contribution of AI in the realm of digital forensics . . 6 1.3.1.1 Knowledge representation . . . . . . . . . . 7 1.3.1.2 Reasoning process. . . . . . . . . . . . . . 7 1.3.1.3 Pattern recognition. . . . . . . . . . . . . . 8 1.3.1.4 Knowledge discovery . . . . . . . . . . . . 8 1.3.1.5 Adaptation. . . . . . . . . . . . . . . . . . 8 1.3.2 Different variants of AI-based digital forensics . . . . 8 1.3.3 AI techniques used by digital forensics investigators . 9 1.3.4 Deep learning tools and techniques helping in the domain of digital forensics . . . . . . . . . . . . . . 11 v vi Contents 1.4 Latest AI Trends Impacting Digital Forensics. . . . . . . . . 11 1.4.1 AI has taken a leap from novelty to necessity. . . . . 12 1.4.2 Data-driven AI can generate valuable content. . . . . 12 1.4.3 Smaller datasets are as amenable as big data . . . . . 12 1.4.4 Edge analytics: An upcoming AI trend . . . . . . . . 13 1.4.5 Citizen data scientists: The next big thing under AI. . 13 1.4.6 AI has an ethical and responsible role in society . . . 13 1.5 Challenges and the Road Ahead. . . . . . . . . . . . . . . . 14 1.5.1 Key challenges to be addressed . . . . . . . . . . . . 14 1.5.1.1 Heterogeneity, resulting in lack of standardization. . . . . . . . . . . . . . . . 14 1.5.1.2 AI can be a double-edged sword . . . . . . 14 1.5.1.3 Privacy-preserving and legitimacy outcry . . 15 1.5.2 Road to the future . . . . . . . . . . . . . . . . . . . 15 1.6 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . 16 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2 Mitigating and Controlling Virtual Addiction Through Web Forensics and Deep Learning 21 R.Danu, and S. Kavitha 2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 22 2.2 Internet Addiction (IA) Types . . . . . . . . . . . . . . . . . 22 2.2.1 Cyberbullying addiction. . . . . . . . . . . . . . . . 22 2.2.2 Web obligations . . . . . . . . . . . . . . . . . . . . 22 2.2.3 Addiction to cyberspace relationships. . . . . . . . . 23 2.2.4 Anxious searching for content. . . . . . . . . . . . . 23 2.2.5 Gaming addiction . . . . . . . . . . . . . . . . . . . 23 2.2.6 Smartphone mobile app addiction. . . . . . . . . . . 23 2.3 Human Behavior Analysis. . . . . . . . . . . . . . . . . . . 23 2.4 Deep Learning’s Relevance to Human Behavior Prediction . . . 25 2.5 Forms of online mining . . . . . . . . . . . . . . . . . . . . 25 2.5.1 HTML page information extraction . . . . . . . . . . 25 2.5.2 Commonly associated metadata extraction . . . . . . 26 2.5.3 Customized web usage monitoring . . . . . . . . . . 26 2.6 Web Usage Mining Process . . . . . . . . . . . . . . . . . . 26 2.7 RNN-based Analysis of Web History Log Data. . . . . . . . 29 2.8 Feed-forward Networks Versus RNNs . . . . . . . . . . . . 29 2.9 RNN Relying on LSTM. . . . . . . . . . . . . . . . . . . . 30 Contents vii 2.10 Various Categories of Forensics. . . . . . . . . . . . . . . . 32 2.10.1 Digitalforensics. . . . . . . . . . . . . . . . . . . . 32 2.10.2 Forensics over networking. . . . . . . . . . . . . . . 32 2.10.3 Webforensics . . . . . . . . . . . . . . . . . . . . . 32 2.10.4 Cloudforensics . . . . . . . . . . . . . . . . . . . . 33 2.10.5 Mobileforensics. . . . . . . . . . . . . . . . . . . . 33 2.10.6 Webbrowser forensics. . . . . . . . . . . . . . . . . 33 2.11 Web Browser Artifacts. . . . . . . . . . . . . . . . . . . . . 33 2.11.1 Navigationhistory. . . . . . . . . . . . . . . . . . . 33 2.11.2 Autocompletedata. . . . . . . . . . . . . . . . . . . 33 2.11.3 Cache . . . . . . . . . . . . . . . . . . . . . . . . . 34 2.11.4 Favicons . . . . . . . . . . . . . . . . . . . . . . . . 34 2.11.5 Browser session storage. . . . . . . . . . . . . . . . 34 2.11.6 Form data . . . . . . . . . . . . . . . . . . . . . . . 34 2.12 Analysis of Website Usage History . . . . . . . . . . . . . . 34 2.13 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . 36 2.14 Acknowledgement. . . . . . . . . . . . . . . . . . . . . . . 36 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 3 Automatic Identifcation of Cyber Predators Using Text Analytics and Machine Learning 41 N.Kavitha, K. Ruba Soundar, S. Shanmuga Priya, and T.SathisKumar 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 42 3.1.1 OPI problem defnition . . . . . . . . . . . . . . . . 42 3.2 Literature Survey . . . . . . . . . . . . . . . . . . . . . . . 44 3.2.1 Cyber predator intent classifcation . . . . . . . . . . 45 3.3 System Architecture. . . . . . . . . . . . . . . . . . . . . . 46 3.3.1 Chat category . . . . . . . . . . . . . . . . . . . . . 46 3.3.2 Chat classifcation. . . . . . . . . . . . . . . . . . . 48 3.4 Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . 48 3.4.1 Dataset. . . . . . . . . . . . . . . . . . . . . . . . . 49 3.4.2 Results of phase 1: Chat labelling . . . . . . . . . . . 50 3.4.3 Results of phase 2: Chat classifcation . . . . . . . . 50 3.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . 51 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 viii Contents 4 CNN Classifcation Approach to Detecting Abusive Content in Text Messages 55 R.Dinesh Kumar, G. Vinoda Reddy, S. Ravi Chand, B.Karthika, and V. Murugesh 4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 56 4.1.1 Humanity . . . . . . . . . . . . . . . . . . . . . . . 56 4.1.2 Abusive harassment on the internet . . . . . . . . . . 57 4.1.3 Learning algorithm . . . . . . . . . . . . . . . . . . 57 4.2 Literature Survey . . . . . . . . . . . . . . . . . . . . . . . 57 4.3 Proposed Methodology . . . . . . . . . . . . . . . . . . . . 59 4.3.1 Pre-processing. . . . . . . . . . . . . . . . . . . . . 59 4.3.2 Feature extraction . . . . . . . . . . . . . . . . . . . 60 4.3.3 Vector space model (VSM) . . . . . . . . . . . . . . 60 4.3.3.1 Bag of words. . . . . . . . . . . . . . . . . 60 4.3.4 Classifcation methods. . . . . . . . . . . . . . . . . 61 4.3.4.1 Support vector machine (SVM) . . . . . . . 61 4.3.4.2 Multilayer perceptron (MLP) . . . . . . . . 61 4.3.4.3 Convolutional neural networks (CNN) . . . 62 4.4 Performance Analysis and Metrics . . . . . . . . . . . . . . 63 4.4.1 Precision. . . . . . . . . . . . . . . . . . . . . . . . 63 4.4.2 Recall . . . . . . . . . . . . . . . . . . . . . . . . . 64 4.4.3 F-measure . . . . . . . . . . . . . . . . . . . . . . . 64 4.4.4 Accuracy. . . . . . . . . . . . . . . . . . . . . . . . 64 4.5 Results and Discussion . . . . . . . . . . . . . . . . . . . . 64 4.6 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . 65 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 5 Detection of Online Sexual Predatory Chats Using Deep Learning 69 R.Kesavamoorthy, S. P. Anandaraj, T. R. Mahesh, V.Rajesh Kumar, and Asadi Srinivasulu 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 70 5.2 Machine Learning Models to Detect Online Sexual Predatory Chats . . . . . . . . . . . . . . . . . . . . . . . . 70 5.2.1 Deep learning . . . . . . . . . . . . . . . . . . . . . 71 5.2.1.1 Recursive neural network . . . . . . . . . . 72 5.2.1.2 Recurrent neural networks . . . . . . . . . 73 5.2.1.3 Long short-term memory . . . . . . . . . . 74 5.2.1.4 Convolutional neural networks . . . . . . . 74 Contents ix 5.3 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . 78 5.4 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 79 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 6 Enhncing ATM Security in the Forensic Domain Using Artifcial Intelligence 81 M.S. Swetha, M. S. Muneshwara, Ashutosh Raj, Atul Tomar, Ayush Prakash, and Chetan Singh 6.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 82 6.2 Literature Survey . . . . . . . . . . . . . . . . . . . . . . . 83 6.3 Problem Statement . . . . . . . . . . . . . . . . . . . . . . 84 6.4 Proposed System . . . . . . . . . . . . . . . . . . . . . . . 87 6.5 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . 87 6.6 Result and Discussion. . . . . . . . . . . . . . . . . . . . . 89 6.7 Future Scope. . . . . . . . . . . . . . . . . . . . . . . . . . 93 6.8 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . 95 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 7 Network Forensics Architecture for Mitigating Attacks in Software-defned Networks 99 Immanuel Johnraja Jebadurai, Getzi Jeba Leelipushpam Paulraj, Jebaveerasingh Jebadurai, and Salaja Silas 7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 100 7.2 Software-defned Networking Planes . . . . . . . . . . . . . 100 7.3 Attacks in Software-defned Networks . . . . . . . . . . . . 102 7.4 Network Forensics Architecture for Securing an SDN . . . . 103 7.4.1 Identifcation phase . . . . . . . . . . . . . . . . . . 104 7.4.2 Data collection phase . . . . . . . . . . . . . . . . . 104 7.4.3 Analysis phase. . . . . . . . . . . . . . . . . . . . . 108 7.4.3.1 Detection of fooding attack . . . . . . . . . 108 7.4.3.2 Detection of a fow table overfow attack . . 109 7.5 Experimental Analysis. . . . . . . . . . . . . . . . . . . . . 110 7.5.1 Performance analysis on fooding attack detection. . . . . . . . . . . . . . . . . . . . . . . . 110 7.5.2 Performance analysis on fow table overfow attack detection . . . . . . . . . . . . . . . . . . . . 112 7.6 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . 112 7.7 Acknowledgement. . . . . . . . . . . . . . . . . . . . . . . 113 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113