A framework for the identification of suspicious packets to detect anti-forensic attacks in the cloud environment

PEER-TO-PEER NETWORKING AND APPLICATIONS (2020)

Abstract
Cloud computing is becoming a prominent service model for computing platforms, offering resources on demand to all categories of users. On the other hand, the cloud environment is also vulnerable to many criminal activities, and investigating cloud crimes is the need of the hour. An anti-forensic attack in the cloud is an attack that specifically aims to scuttle the cloud forensic process. Though many researchers have proposed various cloud forensic approaches, detecting cloud anti-forensic attacks remains a challenge, as such attacks hinder every step of the forensic process. In this paper, we propose a three-stage system for the detection of cloud anti-forensic attacks with a well-defined sequence of tasks, in which the process of identifying suspicious packets plays the major part. Every packet affected by any kind of cloud attack is labeled as a suspicious packet, and such packets are marked to trace back the anti-forensic attack. The main focus of this paper is to deploy such a mechanism to identify the suspicious packets in the cloud environment. To categorize the type of attack that affected the packet, both signature analysis and anomaly detection at the cloud layers are applied in our proposed approach. The proposed anomaly detection approach is tested on the NSL-KDD dataset. The experimental results show that the accuracy of the proposed approach is high compared to the existing approaches.
Keywords
Cloud computing, Anti-forensic attack, Packet marking, Traceback, Signature analysis, Anomaly detection