Abstract:
With the development and popularization of cloud computing, the security situation of cloud computing environments is getting worse. Cloud forensics is of great significance for safeguarding cloud computing security. Research on cloud forensics technology is still at an early stage, and cloud forensics faces problems such as a lack of digital evidence integrity, high forensics overhead, and low intelligence. Therefore, an intelligent cloud forensics method based on SDS (software defined security) and cloud forensics trend analysis is proposed to mitigate some of these problems. First, a cloud forensics architecture based on software defined security is proposed to realize collaborative real-time forensics between the cloud network and the cloud computing platform. Second, a cloud forensics trend analysis algorithm based on the HMM (hidden Markov model) is proposed to realize intelligent forensics strategy decision-making and forensics resource scheduling within this architecture. The experimental results show that, compared with the separate network forensics method and the cloud computing platform forensics method, the forensics capacity of this method increases to 91.6%, and its forensics overhead lies between those of the two, achieving a better balance between forensics capability and forensics overhead. This method offers some reference value for cloud service providers that provide cloud forensics services.