
Crypto-Preserving Investigation Framework for Deep Learning Based Malware Attack Detection for Network Forensics

The exponential growth in technology observed over the past decade has introduced new ways to exploit vulnerabilities in networks and cyber-physical systems. Cybercriminals carry out malware attacks by exploiting such vulnerabilities to damage a network or computer without the victim's knowledge. The sites from which the vulnerabilities are exploited provide concrete evidence that can be collected and used against the attackers under the applicable cyber-law jurisdiction. The collected digital evidence can, however, easily be damaged by various attack techniques, and the investigation of a crime depends entirely on raw evidence that must be protected if the investigation is to be correct. In this article, a crypto-evidence preservation and evidence collection model is proposed. The model detects malware attacks, preserves evidence, and categorizes network traffic data into suitable classes, malicious or non-malicious. It preserves the collected digital evidence and keeps it in a protected (tamper-safe) mode. The metadata for malware traffic is extracted using deep learning and machine learning classifiers. Various studies have shown that deep learning supports the efficient analysis of large data sets, whereas ensemble classifiers increase the probability of better prediction for malware and real-time data flowing through a network. This article proposes an ensemble-classifier-based deep learning model that investigates malicious packets, preserves evidence using SHA-256 hashes, learns from the collected data, and keeps the evidence available when it is needed in the forensic investigation of a malware attack on the network. The proposed model outperforms various existing models with an average F1-score of 97% for malware detection and evidence preservation. Further, the scope of the work is discussed for researchers who wish to explore it in their own studies.

Keywords: attack; network; deep learning; evidence; investigation; malware

Journal Title: Wireless Personal Communications
Year Published: 2021
