AN INVESTIGATION OF DIGITAL FORENSICS FOR SHAMOON ATTACK BEHAVIOUR IN FOG COMPUTING AND THREAT INTELLIGENCE FOR INCIDENT RESPONSE | [Journal of Theoretical and Applied Information Technology • 2020]

Author(s):

1. AHMAD K. Al HWAITAT: King Abdullah the II IT School, Department of Computer Science, The University of Jordan, Jordan

2. SAHER MANASEER: King Abdullah the II IT School, Department of Computer Science, The University of Jordan, Jordan

3. RIZIK M. H. Al-SAYYED: King Abdullah the II IT School, The University of Jordan, Department of Information Technology, Jordan

4. MOHAMMED AMIN ALMAIAH: King Faisal University, Department computer science, Saudi Arabia

5. OMAR ALMOMANI: The World Islamic Sciences and Education University, Department Computer Networks, Jordan

Abstract:

Cyber related crimes are increasing nowadays. Thus digital forensics has been employed in solving cybercrimes. Several researches have been done where they have analysed cyber related attacks, malware types, etc. Researches based on studying and analysing Advanced Persistent Threats (APTs), especially Shamoon attack. This research has been done in order to study and analyse the attacking behaviour of Shamoon malware in fog computing using FPSO (Frequency Particles Swarm Optimization) based on Travelling Salesman approach (TSP). In this proposed system, fog nodes are initiated where the nodes delivers three types of data namely industrial, medical and educational data. Secondly Shamoon attack is created followed by distance matrix evaluation. As the Shamoon attack focuses on attacking industrial data, the attack distribution movement focuses mainly on industrial data. After the evaluation, priorities of the particles should be assigned randomly. Once FPSO parameters are initialized, objective function of every particle is evaluated. The FPSO mechanism implements the working procedure of TSP. Under the FPSO mechanism, swap and insertion operations are performed. In order to find the best shortest path, nearest neighbouring algorithm is used, which follows evaluation of fitness function. After evaluation, local best lbest and global best gbest solutions are obtained. Finally, appropriate positions and velocities are updated. From the resultant optimum path, the distribution of Shamoon attack movement can be analysed. The performance of this proposed system has been evaluated by estimating the fitness value, best cost. The attack distribution of Shamoon data has been observed. Then finally a threat intelligence scheme is proposed for the investigating and analysis behaviour and spread of Shamoon attacks in edges of Fog computing.

Page(s): 977-990

DOI: DOI not available

Published: Journal: Journal of Theoretical and Applied Information Technology, Volume: 98, Issue: 7, Year: 2020

Keywords:

Shamoon Attack , Fitness Estimation , FPSO , Investigation of Cyber Crimes Cyber Security

References:

References are not available for this document.

Citations

Citations are not available for this document.

Citations

Downloads

Views