WiDeS: Wiping Detection using System-calls - An Anti-Forensic Resistant Approach

Anti-forensics attempts to prevent the forensic investigator from analyzing the evidence by tampering with it. Artifact wiping is one of the prominently used anti-forensic approaches. In artifact wiping, the adversaries use wiping tools to wipe the traces of their activity left behind as a part of their execution. This leads to the investigation of incomplete and unreliable evidential artifacts. On the other hand, a wiper attack is one of the most destructive cyberattacks as it causes permanent damage to the data by overwriting the original content. It has serious consequences on national and international security. These attacks have targeted government organizations, financial institutions, and energy sectors in recent years, causing loss of sensitive data, significant downtime, financial losses, and reputation damage. In both scenarios, detecting wiping to mitigate its effect becomes crucial. In this paper, we detect wiper attacks using the Sequence of System-calls (SoS) and information theory metrics and analyze the behavior of the benign and wiping process. Finally, we demonstrate the application of the proposed model by simulating the wiping process on a system and detecting wiping. The results show that the proposed model detects wiping accurately.

Bibliographic Details
Main Authors: Sanda, Pranitha, Pawar, Digambar, Vedala, Radha
Format: Conference Proceeding
Language: English
container_end_page 1703
container_start_page 1695
creator Sanda, Pranitha
Pawar, Digambar
Vedala, Radha
description Anti-forensics attempts to prevent the forensic investigator from analyzing the evidence by tampering with it. Artifact wiping is one of the prominently used anti-forensic approaches. In artifact wiping, the adversaries use wiping tools to wipe the traces of their activity left behind as a part of their execution. This leads to the investigation of incomplete and unreliable evidential artifacts. On the other hand, a wiper attack is one of the most destructive cyberattacks as it causes permanent damage to the data by overwriting the original content. It has serious consequences on national and international security. These attacks have targeted government organizations, financial institutions, and energy sectors in recent years, causing loss of sensitive data, significant downtime, financial losses, and reputation damage. In both scenarios, detecting wiping to mitigate its effect becomes crucial. In this paper, we detect wiper attacks using the Sequence of System-calls (SoS) and information theory metrics and analyze the behavior of the benign and wiping process. Finally, we demonstrate the application of the proposed model by simulating the wiping process on a system and detecting wiping. The results show that the proposed model detects wiping accurately.
doi_str_mv 10.1109/TrustCom60117.2023.00231
format conference_proceeding
identifier EISSN: 2324-9013
ispartof 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, p.1695-1703
issn 2324-9013
language eng
recordid cdi_ieee_primary_10538596
source IEEE Xplore All Conference Series
subjects anti-forensics
digital forensics
Entropy
Forensics
Government
Measurement
Privacy
Reliability theory
Resistance
system calls
wiper attacks
wiping
title WiDeS: Wiping Detection using System-calls - An Anti-Forensic Resistant Approach