Artificial Intelligence-Aided Digital Forensics Examination

人工智能辅助数字取证检查

• 批准号: RGPIN-2019-03995
• 负责人: Dehghantanha, Ali
• 金额: $ 2.4万
• 依托单位: University of Guelph
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=737329
• 关键词: Artificial; Intelligence; Aided; Digital; Forensics

People who investigate cybercrimes have an increasingly large and complex pool of data to sift through, from encrypted communication and social media interactions to data stored on internet of things devices. The current intensive and manual approaches for searching and analyzing digital evidence are not capable of dealing with the increased complexity of digital forensics. Cybercrimes investigators must reason and discover over a large amount of sophisticated data in a relatively short time frame. While artificial intelligence (AI) has a lot to offer to the digital forensics community, AI utilization in digital forensics is still at a very early stage. The long-term goal of my research program is to build an autonomous AI-based system to detect artefacts of interest from all sources of data and analyze them as required. Given the current state of AI-based digital investigation systems, the near-term goal of this program is to build a representation of information into a "smart system" to record, reason about, and exchange information of investigation cases and to detect artefacts of forensics value from complex and uncertain data. The near-term objectives that are pursued in this program are: 1) building a representation of properties of digital evidence suitable for recording, reasoning about, and exchanging information of investigation cases; 2) using AI to automate components of an investigation process such as looking for a particular file, event or log over complex and uncertain datasets; and 3) building AI-based decision-making support systems that suggest the best courses of action in collaborative and mission critical investigation tasks. The research will contribute to the field in the following ways: 1) it will provide a formal and structured representation of knowledge in the digital forensics domain, which is currently limiting information and evidence exchange activities in the field; 2) it will result in creation of fuzzy deep learning AI agents capable of discovering relevant evidence from complex and encrypted data in a timely manner, overcoming limitations of current technology; and 3) it will result in an intuitive multi-criteria fuzzy decision-making support system that is capable of guiding investigators with variety of goals and priorities to take best courses of action. The proposed research will help Canada to establish its leadership in AI and digital forensics and trains at least 8 HQPs who help meet Canada's demand for digital investigators and AI experts. We will create large and re-usable repositories of digital investigation cases which provide a reusable collection of background knowledge for both human and AI agents. Moreover, as most of digital examination cases are collaborative and mission critical tasks, the ability to reason about evidence discovery and analysis process and knowing the best follow-up activities, would assist investigators to make rapid and informed decisions.

调查网络犯罪的人需要筛选越来越大和复杂的数据库，从加密通信和社交媒体互动到存储在物联网设备上的数据。目前用于搜索和分析数字证据的密集和手动方法无法处理数字取证的日益复杂性。网络犯罪调查人员必须在相对较短的时间内推理和发现大量复杂的数据。虽然人工智能（AI）可以为数字取证社区提供很多东西，但AI在数字取证中的应用仍处于非常早期的阶段。 我的研究计划的长期目标是建立一个自主的基于AI的系统，从所有数据源中检测感兴趣的伪影，并根据需要进行分析。考虑到基于人工智能的数字调查系统的现状，该计划的近期目标是将信息表示构建成一个“智能系统”，以记录、推理和交换调查案件的信息，并从复杂和不确定的数据中检测出具有法医价值的人工制品。该计划追求的近期目标是：1）建立适合记录，推理和交换调查案件信息的数字证据属性的表示; 2）使用人工智能自动化调查过程的组件，例如在复杂和不确定的数据集上查找特定文件，事件或日志; 3）建立基于人工智能的决策支持系统，为协作和使命关键调查任务提供最佳行动方案。该研究将通过以下方式为该领域做出贡献：1）它将提供数字取证领域知识的正式和结构化表示，目前这限制了该领域的信息和证据交换活动; 2）它将导致创建模糊深度学习AI代理，能够及时从复杂和加密的数据中发现相关证据，克服现有技术的局限性;以及3）它将产生一个直观的多标准模糊决策支持系统，该系统能够指导具有各种目标和优先事项的调查人员采取最佳行动。拟议的研究将帮助加拿大建立其在人工智能和数字取证方面的领导地位，并培训至少8名HQP，帮助满足加拿大对数字调查人员和人工智能专家的需求。我们将创建大型且可重复使用的数字调查案例库，为人类和人工智能代理提供可重复使用的背景知识集合。此外，由于大多数数字化检查案件是协作和使命关键任务，因此能够对证据发现和分析过程进行推理并了解最佳后续活动，将有助于调查人员做出快速和明智的决定。