ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2019, Vol. 56, Issue (10): 2262-2276. doi: 10.7544/issn1000-1239.2019.20190394

Special Issue: 2019 Special Topic on Cryptography and Intelligent Security Research


A Cloud Forensics Method Based on SDS and Cloud Forensics Trend Analysis

Liu Xuehua (1,2), Ding Liping (1,3,4), Liu Wenmao (5), Zheng Tao (6), Li Yanfeng (1,2), Wu Jingzheng (7)

  1. Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190
  2. School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049
  3. Digital Forensics Laboratory, Institute of Software Application Technology, Guangzhou and Chinese Academy of Sciences, Guangzhou 511458
  4. Guangdong Chinese Academy of Sciences & Realdata Science and Technology Company Limited, Guangzhou 511458
  5. NSFOCUS Information Technology Company Limited, Beijing 100089
  6. China United Network Communications Corporation Limited, Beijing 100033
  7. Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190

  • Online: 2019-10-16

Abstract: With the development and popularization of cloud computing, the security situation of cloud computing environments is getting worse. Cloud forensics is of great significance for safeguarding cloud computing security. Current research on cloud forensics technology is at an early stage, and cloud forensics faces problems such as a lack of digital evidence integrity, high forensics overhead and low intelligence. Therefore, an intelligent cloud forensics method based on SDS (software defined security) and cloud forensics trend analysis is proposed to mitigate some of these problems. First, a cloud forensics architecture based on software defined security is proposed to realize collaborative real-time forensics between the cloud network and the cloud computing platform. Second, a cloud forensics trend analysis algorithm based on the HMM (hidden Markov model) is proposed to realize intelligent forensics strategy decision-making and forensics resource scheduling within the cloud forensics architecture. The experimental results show that, compared with the separate network forensics method and the separate cloud computing platform forensics method, the forensics capacity of this method increases to 91.6%, and its forensics overhead lies between those of the two methods, achieving a better balance between forensics capability and forensics overhead. This method has some referential significance for cloud service providers that offer cloud forensics services.

Key words: cloud computing, cloud forensics, digital forensics, software defined security (SDS), hidden Markov model (HMM), cloud forensics trend
