Improved Multi-Verse Optimizer Feature Selection Technique With Application To Phishing, Spam, and Denial Of Service Attacks

Intelligent classification systems proved their merits in different fields including cybersecurity. However, most cybercrime issues are characterized of being dynamic and not static classification problems where the set of discriminative features keep changing with time. This indeed requires revising the cybercrime classification system and pick a group of features that preserve or enhance its performance. Not only this but also the system compactness is regarded as an important factor to judge on the capability of any classification system where cybercrime classification systems are not an exception. The current research proposes an improved feature selection algorithm that is inspired from the well-known multi-verse optimizer (MVO) algorithm. Such an algorithm is then applied to 3 different cybercrime classification problems namely phishing websites, spam, and denial of service attacks. MVO is a population-based approach which stimulates a well-known theory in physics namely multi-verse theory. MVO uses the black and white holes principles for exploration, and wormholes principle for exploitation. A roulette selection schema is used for scientifically modeling the principles of white hole and black hole in exploration phase, which bias to the good solutions, in this case the solutions will be moved toward the best solution and probably to lose the diversity, other solutions may contain important information but didn’t get chance to be improved. Thus, this research will improve the exploration of the MVO by introducing the adaptive neighborhood search operations in updating the MVO solutions. The classification phase has been done using a classifier to evaluate the results and to validate the selected features. Empirical outcomes confirmed that the improved MVO (IMVO) algorithm is capable to enhance the search capability of MVO, and outperform other algorithm involved in comparison

Adli Bilişim İncelenme Süreçlerinde Yapay Zeka Kullanımı: VGG16 ile Görüntü Sınıflandırma

Son yıllarda teknolojide meydana gelen gelişmelerle beraber başta internet ve sosyal medya olmak üzere bulut bilişim, akıllı telefon ve navigasyon sistemleri gibi uygulamaların kullanım oranları artmıştır. İnternet ve bilişim cihazlarının yoğun kullanımı, beraberinde depolanan veya aktarılan veri miktarını arttırmış ve bu artış aynı zamanda dijital dünya ile ilişkilendirilen suç oranının da yükselmesine neden olmuştur. İşlenen suçlara ilişkin elde edilen delil boyutu da paralel olarak artmış ve artan veri miktarı, adli bilişim uzmanlarının mevcut imkânlarla veriyi analiz edebilmesini zorlaştırmıştır. Adli bilişim veri inceleme süreçlerinde yaşanan aksamalar nihai olarak adli yargılama süreçlerini de olumsuz etkilemiştir. Söz konusu sorunların giderilmesi kapsamında makalede, elde edilen görüntü verilerinin hızlı ve doğru olarak analiz edilmesini sağlayan bir model önerilmiştir. Önerilen model, VGG16 ağ yapısı ile görüntü sınıflandırma için özel tasarlanan ağ katmanlarından oluşmaktadır. Çalışmada, 2085’i Kaggle platformundan 915’i farklı kaynaklardan oluşturulan 300*300 piksel çözünürlüklü resimlerden oluşan veri seti kullanılmıştır. Model, FloydHub ortamında Keras ve TensorFlow kütüphaneleri ile test edilmiştir. Test sonuçlarına göre modelde %97.8 doğruluk oranı elde edilmiştir. Elde edilen sonuç, benzer çalışmalarla kıyaslanmış ve önerilen modelin diğer çalışmalara oranla ortalama %5 oranında performans artışı sağladığı görülmüştür

Integrated examination and analysis model for improving mobile cloud forensic investigation

Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the casespecific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering, data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, crossreferencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the casespecific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance