Cloud Forensics Research Based On Bayesian Networks

In recent years, the Cloud Computing penetrates into the computer science and becomes themost revolutionary technologies. The main advantage of the method is that it can allow us toconformity information system resource and have high efficiency computation at low cost,making gradual change in the usage habits of traditional client terminal. The Cloud Computinghas produced some negative influences while bringing convenience and swiftness, one of whichis the spread of criminal activities on the Cloud platform, some traces left by criminal activityalso have taken on some new laws and the complex distributed architecture of Cloud platformmakes the forensics work face the new challenges. Computer forensics technology is significantmeans to discover and confirm the criminal behavior and effectively crack down the crime ofnetwork, so electronic evidence based on Cloud Computing technologies as Cloud Forensicsplays a key role in case-solving, it’s the result of the information security technologydevelopment and the developing tendency of electronic obtaining of evidence, the research onthe Cloud Forensics technology is still a curtail step at home.This paper mainly studied some key Cloud Forensics technology and Bayesian networkalgorithm and tries to apply Bayesian network optimization to Cloud Forensics evidence analysis,research method is to study the workflow of the computer forensics which is evidenceacquirement, evidence processing and evidence analysis. The major research work is as follows:(1) Discuss the basic conception for computer forensics, Cloud Computing, and thensummarizes the computer forensics technology, security threats in Cloud environments andimplementation mechanisms of Cloud platform, and it deeply studies the key technologies aboutthe Cloud Forensics, after that, the workflow of the Cloud Forensics is put forward.(2) Study the process of evidence acquirement, evidence processing,and introduce the basictheory of Bayesian network and Map Reduce programming model. We propose sequentialpatterns mining algorithm based on MapReduce programming model, use data miningtechnology to collect evidences and accomplish the evidence events association, build the eventBayesian inference network model based on the Bayesian network, the result indicates that thealgorithm is efficient in cutting the redundancy data and provides reliable information forevidence analysis.(3) Evidence analysis based on Bayesian network is put forward to take large data fromelectronic storage device, find trace of a crime scene and brought the crime into the open,through analysis of crime case in the Cloud environment, this thesis presents hypotheticalspeculations and establishes evidence analysis model based on Bayesian network.(4) Integrated with the characteristics of distributed technique and collaboration of CloudComputing technologies, design and realize the Cloud Forensics System which is composed ofCloud platform and client.