Examining digital forensics in the context of Shamoan attack behavior within fog computing and exploring threat intelligence for Incident Response

Examining digital forensics in the context of Shamoan attack behavior within fog computing and exploring threat intelligence for Incident Response

연구 분야: Safety

학회: 2024 IEEE 1st Karachi Section Humanitarian Technology Conference (KHI-HTC)

Cybercrime is on the rise in modern society. Thus, the investigation of cybercrimes has used digital forensics. Numerous studies that analyze malware types, cyber-attacks, and other related topics have been conducted. Studies and analyses of APTs, particularly the Shamoon attack, as a basis for research. The purpose of this study was to evaluate the efficacy of supervised machine learning classifiers in the context of intrusion detection, with a focus on Support Vector Machine, Random Forest, Logistic Regression, and Gaussian Naive Bayes. The NSL-KDD dataset was used for the evaluation, and each classifier’s efficacy was assessed by contrasting its results based on accuracy, precision, recall, and F1-Score.With an accuracy of 99%, it can be inferred from the observed results that the Random Forest classifier performs better than the other classifiers for the specified dataset and parameters. To build on this work, future studies may examine how well these classifiers operate in scenarios involving several classes and think about adding only the most necessary characteristics for more focused intrusion detection.The FPSO mechanism puts the TSP’s operational process into practice. The FPSO mechanism carries out insertion and swap operations. After evaluating the fitness function, the nearest neighbour’s algorithm is used to determine the best shortest path. After evaluation, the best local and best global solutions are discovered. The appropriate positions and speeds are lastly updated. The generated optimal path can be used to assess the distribution of movement for Shamoon attacks. The suggested system’s efficacy has been evaluated by evaluating the fitness value and optimal cost. Distribution of the Shamoon data attack has been observed. Lastly, a threat intelligence plan is proposed to investigate and examine the behavior and spread of Shamoon attacks in the margins of fog computing.