Collusion Detection and Identification for Multimedia Forensics
CITATION:
Anthony Persaud and Yong Guan, "Collusion Detection and Identification for Multimedia Forensics" Second Annual IFIP WG 11.9 International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, January 2006

Advances in Digital Forensics II - ISBN: 978-0-387-36890-0
ABSTRACT: In this paper, we propose a wavelet-based multimedia fingerprint scheme and clustering algorithm for collusion detection and identification.

The use of digital multimedia contents has steadily increased due to the ease of large-scale content distribution through mediums like the Internet. Encryption is generally used to safeguard content while it is being transmitted, but offers no protection after the intended recipient receives the data. It is important to design reliable investigative techniques against unauthorized duplication and propagation, and also provide protection in the form of theft deterrence. Some fingerprint embedding schemes were developed to be robust against single-user attacks. However, a new breed of attacks, known as collusion attacks, has been used to defeat these underlying schemes. These attacks use the combination of multiple fingerprinted copies in order to create a new version where the underlying fingerprint is highly attenuated so that it becomes untraceable to the colluders.

This paper adopts the use of wavelet transforms and statistical classification techniques to effectively identify the set of colluders involved in a collusion attack while maintaining low miss rates and false accusation rates. Our experimental results show that our scheme performs effectively in identifying large colluder sets to aid multimedia forensic investigations, while minimizing the possibility of innocent individuals being wrongly accused.

Stepping Stone Attack Attribution in Non-Cooperative IP Networks
CITATION:
Zhang, Linfeng and Persaud, Anthony and Johnson, Alan and Guan, Yong (2006) Stepping Stone Attack Attribution in Non-Cooperative IP Networks. Proceedings of the 25th IEEE International Performance Computing and Communications Conference. Phoenix, Arizona.
ABSTRACT: Network-based attackers often relay attacks through intermediary hosts, which are called stepping stones, to evade detection. It is difficult to attribute the real attacker in non-cooperative IP networks. Attackers also make detection more difficult by introducing delay and chaff into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff exist simultaneously. In this paper, we propose and analyze algorithms which represent that attackers cannot always evade detection only by adding limited delay and independent chaff. We give the upper bounds on the number of packets needed to confidently detect stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones and our experiments show that our algorithms are more effective in detecting stepping stones in some scenarios.

A Framework for Email Investigation: Automated Information Extraction and Linkage Discovery
CITATION:

Anthony Persaud and Yong Guan (2005) A Framework for Email Investigation: Automated Information Extraction and Linkage Discovery. In Pollitt, M., Shenoi, S. (Eds.) Advances in Digital Forensics (pp. 79-90). Orlando, FL, Springer 2005.

Advances in Digital Forensics - ISBN: 978-0387300122

ABSTRACT: Email can arguably be the most abundant form of communication in electronic format used by criminals to commit illegal activities such as threats, fraud, phishing scams and email viruses. Due to the increase in criminal activity using email messages, it is often impossible to analyze email-related evidence manually, with any expectation of exploiting its full investigative potential. Investigators require a more automated means of analyzing email messages for their computer crime investigations. In this paper, we propose an initial framework for email investigation consisting of automated techniques for information extraction and linkage discovery. The application of data mining, text mining, and link analysis concepts to email investigations will aid law enforcement, government agencies, and private sectors to more accurately correlate events, social networks and activities from email-related evidence at the main benefit of reducing manual analysis.
 