Anomaly Detection on Drone Forensic Timeline with Sigma Rules

Authors: H. Studiawan, Ahmad Firdaus, B. Pratomo, T. Ahmad
DOI: 10.1109/ESCI56872.2023.10100018 (https://doi.org/10.1109/ESCI56872.2023.10100018)
Published in: 2023 International Conference on Emerging Smart Computing and Informatics (ESCI)
Publication date: 2023-03-01
Source: Semanticscholar
Abstract: Drones, also known as UAVs (unmanned aerial vehicles), are unmanned devices that provide unique functionality, enabling area surveillance, inspections, and surveys. In recent years, the rapid growth of drones has also raised several security concerns related to illegal activities, making them a source of evidence. Therefore, it is very important for digital forensic examiners to have the ability to analyze the source of content stored on drones. If the drone encounters a problem or has an accident, it is necessary to carry out a forensic analysis of the device. In this paper, we build a drone forensic timeline using log2timeline (plaso). This timeline records all drone activities. We then propose to apply Sigma rules to detect anomalies in the drone timeline. With this technique, digital forensic examiners can detect anomalous activities that occur on drones.