Artificial Intelligence-Aided Digital Forensics Examination

人工智能辅助数字取证检查

基本信息

批准号：
RGPIN-2019-03995
负责人：
Dehghantanha, Ali
金额：
$ 2.4万
依托单位：
University of Guelph
依托单位国家：
加拿大
项目类别：
Discovery Grants Program - Individual
财政年份：
2021
资助国家：
加拿大
起止时间：
2021-01-01 至 2022-12-31
项目状态：
已结题

来源：
https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=737329
关键词：
Artificial Intelligence Aided Digital Forensics

项目摘要

People who investigate cybercrimes have an increasingly large and complex pool of data to sift through, from encrypted communication and social media interactions to data stored on internet of things devices. The current intensive and manual approaches for searching and analyzing digital evidence are not capable of dealing with the increased complexity of digital forensics. Cybercrimes investigators must reason and discover over a large amount of sophisticated data in a relatively short time frame. While artificial intelligence (AI) has a lot to offer to the digital forensics community, AI utilization in digital forensics is still at a very early stage. The long-term goal of my research program is to build an autonomous AI-based system to detect artefacts of interest from all sources of data and analyze them as required. Given the current state of AI-based digital investigation systems, the near-term goal of this program is to build a representation of information into a "smart system" to record, reason about, and exchange information of investigation cases and to detect artefacts of forensics value from complex and uncertain data. The near-term objectives that are pursued in this program are: 1) building a representation of properties of digital evidence suitable for recording, reasoning about, and exchanging information of investigation cases; 2) using AI to automate components of an investigation process such as looking for a particular file, event or log over complex and uncertain datasets; and 3) building AI-based decision-making support systems that suggest the best courses of action in collaborative and mission critical investigation tasks. The research will contribute to the field in the following ways: 1) it will provide a formal and structured representation of knowledge in the digital forensics domain, which is currently limiting information and evidence exchange activities in the field; 2) it will result in creation of fuzzy deep learning AI agents capable of discovering relevant evidence from complex and encrypted data in a timely manner, overcoming limitations of current technology; and 3) it will result in an intuitive multi-criteria fuzzy decision-making support system that is capable of guiding investigators with variety of goals and priorities to take best courses of action. The proposed research will help Canada to establish its leadership in AI and digital forensics and trains at least 8 HQPs who help meet Canada's demand for digital investigators and AI experts. We will create large and re-usable repositories of digital investigation cases which provide a reusable collection of background knowledge for both human and AI agents. Moreover, as most of digital examination cases are collaborative and mission critical tasks, the ability to reason about evidence discovery and analysis process and knowing the best follow-up activities, would assist investigators to make rapid and informed decisions.

调查网络犯罪的人拥有越来越大，复杂的数据池，从加密的通信和社交媒体互动到存储在物联网设备上的数据。当前的搜索和分析数字证据的强化和手动方法无法应对数字取证的增加。网络犯罪研究人员必须在相对较短的时间范围内推理并发现大量复杂数据。尽管人工智能（AI）可以为数字取证社区提供很多东西，但数字取证中的AI利用仍处于很早的阶段。我的研究计划的长期目标是建立一个基于自主的AI系统，以从所有数据源中检测感兴趣的伪像，并根据需要进行分析。鉴于基于AI的数字调查系统的当前状态，该计划的近期目标是将信息代表到“智能系统”中，以记录有关调查案例的信息，理性和交换信息，并从复杂和不确定的数据中检测到取证价值的文物。该计划中实现的近期目标是：1）建立适合记录，推理和交换调查案例信息的数字证据的属性的代表； 2）使用AI自动化调查过程的组件，例如查找特定文件，事件或登录复杂和不确定的数据集； 3）建立基于AI的决策支持系统，该系统提出了协作和任务关键调查任务中最佳行动方案。该研究将以以下方式为该领域做出贡献：1）它将在数字取证领域中提供正式的知识代表，目前正在限制该领域的信息和证据交换活动； 2）这将导致产生模糊的深度学习AI代理，能够及时从复杂和加密数据中发现相关证据，从而克服了当前技术的局限性； 3）这将导致一个直观的多标准模糊决策支持系统，该系统能够指导调查人员拥有各种目标和优先事项以采取最佳行动方案。拟议的研究将帮助加拿大在AI和数字取证和训练至少8个HQP上建立其领导能力，这些HQP有助于满足加拿大对数字研究人员和AI专家的需求。我们将创建大型且可重复使用的数字调查案例存储库，为人类和AI代理提供可重复使用的背景知识的收集。此外，由于大多数数字考试案例都是协作和任务至关重要的任务，因此有助于证据发现和分析过程以及了解最佳后续活动的能力，将有助于调查人员做出快速而知情的决定。