Doctor of Philosophy (PhD)
Electrical and Computer Engineering
Jatinder N.D. Gupta
David W. Pan
David J. Coe
Thomas C. Jannett
Computer crimes; Forensic sciences; Computer security; Data protection.
The Internet is a source of information, communication and entertainment, which makes it impossible for us to imagine a world without being connected. However, there has been tremendous growth in crimes targeting every form of digital medium. The main objective of this dissertation is to develop and empirically evaluate computational optimization models for investigating digital crime and computer/network intrusion. The first research problem considered in this dissertation relates to Crime Scene Investigation (CSI) in digital forensics. First, a mixed integer linear programming (MILP) model is proposed to allocate optimal investigation times to items of evidence, thereby maximizing the overall effectiveness of a forensic investigation procedure. Second, since the proposed general problems are NP-hard, two heuristic algorithms for the sequential digital forensic model with a single investigator and one heuristic algorithm for the sequential digital forensic model with multiple investigators are proposed and empirically evaluated as solutions to the described general problems. The second research problem addressed in this dissertation involves the investigation of alarms generated by an Intrusion Detection System (IDS) with limited resources. One of the significant challenges presented by IDSs is how network managers prioritize and commit resources to investigating IDS notifications (alarms) of potential threats to the network. In this dissertation, the passive IDS alarm investigation problem is modeled using MILP. More specifically, the model focuses on minimizing the total expected cost incurred by a firm in investigating IDS alarms by assisting a security administrator in making an optimal decision on two points: which alarms need to be investigated, and the sequence in which they should be investigated. To simplify the presentation, the case involving a single investigator is considered, even though the analysis can be extended to cover multiple investigators. In view of the NP-hard nature of the problem, a greedy heuristic algorithm is proposed and empirically evaluated to solve the described general problem.
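The single-investigator alarm selection and sequencing problem described above, as an added illustration that is not code from the dissertation: it assumes a simple cost model (each alarm carries an estimated probability of being a real intrusion, a loss rate while the intrusion stays unhandled, and an investigation time; the investigator has a fixed time budget and an hourly labour cost) and pairs a ratio-based greedy heuristic with an exhaustive search so the two can be compared on small instances. The cost model, the greedy rule and the sample alarms are assumptions of this example, not the dissertation's own models or data.

```python
from dataclasses import dataclass
from itertools import combinations, permutations

@dataclass(frozen=True)
class Alarm:
    alarm_id: str
    p_true: float        # estimated probability the alarm is a real intrusion
    loss_rate: float     # expected loss per hour while a real intrusion stays unhandled
    invest_hours: float  # investigator time needed to resolve the alarm

def expected_cost(sequence, alarms, budget_hours, hourly_rate):
    """Assumed cost model: an investigated alarm accrues p * loss_rate until it is
    resolved, plus labour; an alarm left out accrues p * loss_rate for the whole window."""
    cost, clock = 0.0, 0.0
    for a in sequence:
        clock += a.invest_hours
        cost += a.p_true * a.loss_rate * clock + a.invest_hours * hourly_rate
    cost += sum(a.p_true * a.loss_rate * budget_hours for a in alarms if a not in sequence)
    return cost

def greedy_schedule(alarms, budget_hours, hourly_rate):
    """Rank alarms by expected loss averted per investigator hour; take them in that order
    while they fit the budget and avert more loss than the labour they consume."""
    ranked = sorted(alarms, key=lambda a: a.p_true * a.loss_rate / a.invest_hours, reverse=True)
    chosen, clock = [], 0.0
    for a in ranked:
        finish = clock + a.invest_hours
        if finish > budget_hours:
            continue  # does not fit; a shorter alarm further down the ranking still might
        if a.p_true * a.loss_rate * (budget_hours - finish) <= a.invest_hours * hourly_rate:
            continue  # investigating would cost more than the loss it averts
        chosen.append(a)
        clock = finish
    return chosen

def optimal_schedule(alarms, budget_hours, hourly_rate):
    """Exhaustive search over every feasible subset and order (exponential; small instances only)."""
    candidates = [list(seq) for k in range(len(alarms) + 1) for subset in combinations(alarms, k)
                  for seq in permutations(subset) if sum(a.invest_hours for a in seq) <= budget_hours]
    return min(candidates, key=lambda seq: expected_cost(seq, alarms, budget_hours, hourly_rate))

# Constructed sample: one six-hour shift for a single investigator paid 60 per hour.
SAMPLE_ALARMS = [Alarm("ssh-bruteforce", 0.2, 50.0, 1.0), Alarm("c2-beacon", 0.7, 400.0, 3.0),
                 Alarm("port-scan", 0.9, 5.0, 0.5), Alarm("webshell-upload", 0.5, 300.0, 2.0)]
BUDGET_HOURS, HOURLY_RATE = 6.0, 60.0
```

On the sample the greedy order matches the exhaustive optimum, and reversing the two chosen alarms raises the expected cost, which is the sequencing effect the model captures.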
Kalaimannan, Ezhil Selvam, "Computational optimization models for investigating digital crime and intrusion detection alarms" (2014). Dissertations. 42.