{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T22:27:41Z","timestamp":1777415261641,"version":"3.51.4"},"reference-count":35,"publisher":"Walter de Gruyter GmbH","issue":"1","license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5,16]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>The cloud market is growing every day. So are cloud crimes. To investigate crimes that happen in a cloud environment, an investigation is carried out adhering to the court of law. Forensics investigations require evidence from the cloud. Evidence acquisition in the cloud requires formidable efforts because of physical inaccessibility and the lack of cloud forensics tools. Time is very crucial in any forensic investigation. If the evidence is preserved before the cloud forensic investigation, it can give the investigators a head start. To identify and preserve such potential evidence in the cloud, we propose a system with an artificial intelligence (AI)-based agent, equipped for binary classification that monitors and profiles the virtual machine (VM) from hypervisor level activities. The proposed system classifies and preserves evidence data generated in the cloud. The evidence repository module of the system uses a novel blockchain model approach to maintain the data provenance. The proposed system works at the hypervisor level, which makes it robust for anti-forensics techniques in the cloud. The proposed system identifies potential evidence reducing the effective storage space requirement of the evidence repository. 
Data provenance incorporated in the proposed system reduces trust dependencies on the cloud service provider (CSP).<\/jats:p>","DOI":"10.1515\/comp-2022-0241","type":"journal-article","created":{"date-parts":[[2022,5,16]],"date-time":"2022-05-16T09:54:53Z","timestamp":1652694893000},"page":"154-170","source":"Crossref","is-referenced-by-count":4,"title":["BiSHM: Evidence detection and preservation model for cloud forensics"],"prefix":"10.1515","volume":"12","author":[{"given":"Prasad","family":"Purnaye","sequence":"first","affiliation":[{"name":"School of Computer Engineering, MIT World Peace University , Pune , India"}]},{"given":"Vrushali","family":"Kulkarni","sequence":"additional","affiliation":[{"name":"School of Computer Engineering, MIT World Peace University , Pune , India"}]}],"member":"374","published-online":{"date-parts":[[2022,5,16]]},"reference":[{"key":"2022081707553228561_j_comp-2022-0241_ref_001","unstructured":"Gartner. Gartner forecasts worldwide public cloud revenue to grow 17.5 percent in 2019. [Online]. 2019. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2019-04-02-gartner-forecasts-worldwide-public-cloud-revenue-to-g"},{"key":"2022081707553228561_j_comp-2022-0241_ref_002","doi-asserted-by":"crossref","unstructured":"M. M. H. Onik, C. S. Kim, N. Y. Lee, and J. Yang, \u201cPrivacy-aware blockchain for personal data sharing and tracking,\u201d Open. Computer Sci., vol. 9, pp. 80\u201391, 2019.","DOI":"10.1515\/comp-2019-0005"},{"key":"2022081707553228561_j_comp-2022-0241_ref_003","doi-asserted-by":"crossref","unstructured":"D. Quick and K.-K. R. Choo, \u201cIoT device forensics and data reduction,\u201d IEEE Access, vol. 6, pp. 47566\u201347574, 2018.","DOI":"10.1109\/ACCESS.2018.2867466"},{"key":"2022081707553228561_j_comp-2022-0241_ref_004","doi-asserted-by":"crossref","unstructured":"Y. Wu, Z. Zhang, C. Wu, C. Guo, Z. Li, and F. Lau, \u201cOrchestrating bulk data transfers across geo-distributed datacenters,\u201d IEEE Trans. 
Cloud Comput., vol. 5, no. 1, pp. 112\u2013125, 2015.","DOI":"10.1109\/TCC.2015.2389842"},{"key":"2022081707553228561_j_comp-2022-0241_ref_005","doi-asserted-by":"crossref","unstructured":"A. Aldribi, I. Traor\u00e9, B. Moa, and O. Nwamuo, \u201cHypervisor-based cloud intrusion detection through online multivariate statistical change tracking,\u201d Computers Sec., vol. 88, p. 101646, 2020.","DOI":"10.1016\/j.cose.2019.101646"},{"key":"2022081707553228561_j_comp-2022-0241_ref_006","doi-asserted-by":"crossref","unstructured":"K. Shaukat, S. Luo, V. Varadharajan, I. A. Hameed, and M. Xu, \u201cA survey on machine learning techniques for cyber security in the last decade,\u201d IEEE Access, vol. 8, pp. 222310\u2013222354, 2020.","DOI":"10.1109\/ACCESS.2020.3041951"},{"key":"2022081707553228561_j_comp-2022-0241_ref_007","unstructured":"Trustwave global Security Report 2015. https:\/\/www2.trustwave.com\/rs\/815-RFM-693\/images\/2015_TrustwaveGlobalSecurityReport.pdf."},{"key":"2022081707553228561_j_comp-2022-0241_ref_008","doi-asserted-by":"crossref","unstructured":"A. T. Lo\u2019ai and G. Saldamli, \u201cReconsidering big data security and privacy in cloud and mobile cloud systems,\u201d J. King Saud. Univ-Computer Inf. Sci., vol. 33, no. 7, pp. 810\u2013819, 2021.","DOI":"10.1016\/j.jksuci.2019.05.007"},{"key":"2022081707553228561_j_comp-2022-0241_ref_009","doi-asserted-by":"crossref","unstructured":"Z. Inayat, A. Gani, N. B. Anuar, S. Anwar, and M. K. Khan, \u201cCloud-based intrusion detection and response system: open research issues, and solutions,\u201d Arab. J. Sci. Eng., vol. 42, pp. 399\u2013423, 2017.","DOI":"10.1007\/s13369-016-2400-3"},{"key":"2022081707553228561_j_comp-2022-0241_ref_010","doi-asserted-by":"crossref","unstructured":"M. Compasti\u00e9, R. Badonnel, O. Festor, and R. Hev \u201cFrom virtualization security issues to cloud protection opportunities: An in-depth analysis of system virtualization models,\u201d Computers Sec., vol. 97, p. 
101905, 2020.","DOI":"10.1016\/j.cose.2020.101905"},{"key":"2022081707553228561_j_comp-2022-0241_ref_011","doi-asserted-by":"crossref","unstructured":"G. Meera, B. K. S. P. Kumar Raju Alluri, and G. Geethakumari, \u201cCEAT: a cloud evidence acquisition tool for aiding forensic investigations in cloud systems,\u201d Int. J. Trust. Manag. Comput. Commun., vol. 3, no. 34, pp. 360\u2013372, 2016.","DOI":"10.1504\/IJTMCC.2016.084562"},{"key":"2022081707553228561_j_comp-2022-0241_ref_012","doi-asserted-by":"crossref","unstructured":"D. Gonzales, J. M. Kaplan, E. Saltzman, Z. Winkelman, and D. Woods, \u201cCloud-trust\u2009\u2013\u2009A security assessment model for infrastructure as a service (IaaS) clouds,\u201d IEEE Trans. Cloud Comput., vol. 5, no. 3, pp. 523\u2013536, 2015.","DOI":"10.1109\/TCC.2015.2415794"},{"key":"2022081707553228561_j_comp-2022-0241_ref_013","doi-asserted-by":"crossref","unstructured":"A. Atamli, G. Petracca, and J. Crowcroft, \u201cIO-Trust: an out-of-band trusted memory acquisition for intrusion detection and forensics investigations in cloud IOMMU based systems,\u201d Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019.","DOI":"10.1145\/3339252.3340511"},{"key":"2022081707553228561_j_comp-2022-0241_ref_014","doi-asserted-by":"crossref","unstructured":"Z. Qi, C. Xiang, R. Ma, J. Li, H. Guan, and D. S. L. Wei. \u201cForenVisor: A tool for acquiring and preserving reliable data in cloud live forensics,\u201d IEEE Trans. Cloud Comput., vol. 5, no. 3, pp. 443\u2013456, 2016.","DOI":"10.1109\/TCC.2016.2535295"},{"key":"2022081707553228561_j_comp-2022-0241_ref_015","doi-asserted-by":"crossref","unstructured":"L. A. Holt and M. 
Hammoudeh, \u201cCloud forensics: A technical approach to virtual machine acquisition,\u201d 2013 European Intelligence and Security Informatics Conference, IEEE, 2013.","DOI":"10.1109\/EISIC.2013.59"},{"key":"2022081707553228561_j_comp-2022-0241_ref_016","doi-asserted-by":"crossref","unstructured":"S. Zawoad, R. Hasan, and A. Skjellum, \u201cOCF: an open cloud forensics model for reliable digital forensics,\u201d 2015 IEEE 8th International Conference on Cloud Computing, IEEE, 2015.","DOI":"10.1109\/CLOUD.2015.65"},{"key":"2022081707553228561_j_comp-2022-0241_ref_017","doi-asserted-by":"crossref","unstructured":"S. Simou, C. Kalloniatis, H. Mouratidis, and S. Gritzalis, A Meta-model for Assisting a Cloud Forensics Process, vol. 9572, Springer Verlag, 2016, pp. 177\u2013187.","DOI":"10.1007\/978-3-319-31811-0_11"},{"key":"2022081707553228561_j_comp-2022-0241_ref_018","doi-asserted-by":"crossref","unstructured":"S. Khan, A. Gani, AWA Wahab, M. A. Bagiwa, M. Shiraz, S. U. Khan, et al., \u201cCloud log forensics: Foundations, state of the art, and future directions,\u201d ACM Comput. Surv. (CSUR), vol. 49, no. 1, pp. 1\u201342, 2016.","DOI":"10.1145\/2906149"},{"key":"2022081707553228561_j_comp-2022-0241_ref_019","doi-asserted-by":"crossref","unstructured":"P. Purnaye and V. Kulkarni, \u201cA Comprehensive study of cloud forensics,\u201d Arch. Comput. Methods Eng., vol. 29, pp. 1\u201314, 2021.","DOI":"10.1007\/s11831-021-09575-w"},{"key":"2022081707553228561_j_comp-2022-0241_ref_020","doi-asserted-by":"crossref","unstructured":"W. D. Ashley, Foundations of Libvirt Development, New York: Apress, 2019.","DOI":"10.1007\/978-1-4842-4862-1"},{"key":"2022081707553228561_j_comp-2022-0241_ref_021","unstructured":"S. Russell, P. Norvig, and E. Davis, Artificial Intelligence: A Modern Approach, 3rd ed., Upper Saddle River, NJ, Prentice Hall, 2010. Print."},{"key":"2022081707553228561_j_comp-2022-0241_ref_022","doi-asserted-by":"crossref","unstructured":"N. Rakotondravony, B. 
Taubmann, W. Mandarawi, E. Weish\u00e4upl, P. Xu, B. Kolosnjaji, et al., \u201cClassifying malware attacks in IaaS cloud environments,\u201d J. Cloud Comput., vol. 6, pp. 1\u201312, 2017.","DOI":"10.1186\/s13677-017-0098-8"},{"key":"2022081707553228561_j_comp-2022-0241_ref_023","doi-asserted-by":"crossref","unstructured":"G. Guo, H. Wang, D. Bell, Y. Bi, and K. Greer, et al., \u201cKNN model-based approach in classification.\u201d OTM Confederated International Conferences \u201cOn the Move to Meaningful Internet Systems,\u201d Berlin, Heidelberg, Springer, pp. 986\u2013996, 2003.","DOI":"10.1007\/978-3-540-39964-3_62"},{"key":"2022081707553228561_j_comp-2022-0241_ref_024","doi-asserted-by":"crossref","unstructured":"A. Hamoudzadeh and S. Behzadi, \u201cPredicting user\u2019s next location using machine learning algorithms,\u201d Spat. Inf. Res., vol. 29, pp. 379\u2013387, 2021.","DOI":"10.1007\/s41324-020-00358-2"},{"key":"2022081707553228561_j_comp-2022-0241_ref_025","unstructured":"H. Liu and H. Motoda, Feature Selection for Knowledge Discovery and Data Mining, Vol. 454, New York, NY, Springer Science & Business Media, 2012."},{"key":"2022081707553228561_j_comp-2022-0241_ref_026","doi-asserted-by":"crossref","unstructured":"V. Y. Kulkarni, P. K. Sinha, and M. C. Petare, \u201cWeighted hybrid decision tree model for random forest classifier,\u201d J. Inst. Eng. (India): Ser. B, vol. 97, pp. 209\u2013217, 2016.","DOI":"10.1007\/s40031-014-0176-y"},{"key":"2022081707553228561_j_comp-2022-0241_ref_027","doi-asserted-by":"crossref","unstructured":"W.-Z. Zhang, H.-C. Xie, and C.-H. Hsu, \u201cAutomatic memory control of multiple virtual machines on a consolidated server,\u201d IEEE Trans. Cloud Comput., vol. 5, no. 1, pp. 2\u201314, 2015.","DOI":"10.1109\/TCC.2014.2378794"},{"key":"2022081707553228561_j_comp-2022-0241_ref_028","doi-asserted-by":"crossref","unstructured":"M. Pourvahab and G. 
Ekbatanifard, \u201cDigital forensics architecture for evidence collection and provenance preservation in iaas cloud environment using sdn and blockchain technology,\u201d IEEE Access, vol. 7, pp. 153349\u2013153364, 2019.","DOI":"10.1109\/ACCESS.2019.2946978"},{"key":"2022081707553228561_j_comp-2022-0241_ref_029","doi-asserted-by":"crossref","unstructured":"K. DeviPriya and S. Lingamgunta, \u201cMulti factor two-way hash-based authentication in cloud computing,\u201d Int. J. Cloud Appl. Comput. (IJCAC), vol. 10.2, pp. 56\u201376, 2020.","DOI":"10.4018\/IJCAC.2020040104"},{"key":"2022081707553228561_j_comp-2022-0241_ref_030","doi-asserted-by":"crossref","unstructured":"P. Kalyanaraman, K. R. Jothi, P. Balakrishnan, R. G. Navya, A. Shah, and V. Pandey, \u201cImplementing hadoop container migrations in OpenNebula private Cloud Environment,\u201d Role Edge Analytics Sustainable Smart City Development: Challenges and Solutions. USA, Wiley, pp. 85\u2013103, 2020.","DOI":"10.1002\/9781119681328.ch5"},{"key":"2022081707553228561_j_comp-2022-0241_ref_031","unstructured":"P. Purnaye and V. Kulkarni, \u201cOpenNebula virtual machine profiling for intrusion detection system,\u201d IEEE Dataport, 2020, 10.21227\/24mb-vt61."},{"key":"2022081707553228561_j_comp-2022-0241_ref_032","unstructured":"P. Purnaye and V. Kulkarni, \u201cMemory dumps of virtual machines for cloud forensics,\u201d IEEE Dataport, 2020, 10.21227\/ft6c-2915."},{"key":"2022081707553228561_j_comp-2022-0241_ref_033","unstructured":"T. Ito, Y. Kim, and N. Fukuta. I. C. Society, I. A. for Computer Information Science, I. of Electrical, and E. Engineers, 2015 IEEE\/ACIS 14th International Conference on Computer and Information Science (ICIS): Proceedings: June 28\u2013July 1, 2015, Las Vegas, USA."},{"key":"2022081707553228561_j_comp-2022-0241_ref_034","doi-asserted-by":"crossref","unstructured":"W. Kirch, \u201cPearson\u2019s correlation coefficient,\u201d Encycl. Public. Health, vol. 1, pp. 
1090\u20131091, 2008.","DOI":"10.1007\/978-1-4020-5614-7_2569"},{"key":"2022081707553228561_j_comp-2022-0241_ref_035","doi-asserted-by":"crossref","unstructured":"F. Fabris and A. A. Freitas, \u201cAnalysing the overfit of the auto-sklearn automated machine learning tool,\u201d International Conference on Machine Learning, Optimization, and Data Science, Cham, Springer, 2019.","DOI":"10.1007\/978-3-030-37599-7_42"}],"container-title":["Open Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/comp-2022-0241\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/comp-2022-0241\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,17]],"date-time":"2022-08-17T07:58:30Z","timestamp":1660723110000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/comp-2022-0241\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,1]]},"references-count":35,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2022,3,16]]},"published-print":{"date-parts":[[2022,3,16]]}},"alternative-id":["10.1515\/comp-2022-0241"],"URL":"https:\/\/doi.org\/10.1515\/comp-2022-0241","relation":{},"ISSN":["2299-1093"],"issn-type":[{"value":"2299-1093","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,1]]}}}