Detection and Forensics of Encryption Behavior of Storage File and Network Transmission Data

by: Songbin Li, Peng Liu

Format: Article
Published: IEEE 2020-01-01

Description

In recent years, with the widespread application of encryption technology, criminals can hide malicious data without being discovered by security regulatory authorities, which has brought serious challenges to computer forensic investigation. Therefore, it is urgent to study the technology of detection and forensics of encrypted data. This paper proposes a method for encryption detection based on a deep convolutional neural network. The method first converts the raw data into two-dimensional matrices as the input of the convolutional neural network. Then, the multiscale feature extraction mechanism with multiple activation functions is utilized to provide representative features as the input of subsequent layers. Next, the residual learning operation can further enhance the discrimination of features. By this means, a network which can automatically extract and learn global contextual information of encrypted data is constructed. The experimental results show that the proposed method achieves high accuracy in the detection of storage file and network transmission data compared to the competitive methods, and the detection accuracy on different types of mixed data is higher than 99%. Moreover, the proposed method can accurately detect data encrypted with different algorithms. The average detection rate of DES-encrypted data is higher than that of competitors by more than 5%.