CRITiCaL - Combatting cRiminals In The CLoud

The Cloud is an emerging technology that offers democratic access to computing power, data storage, software and services often for a small pay-per-use cost. Like any new technology, the Cloud has potential for great good, but in the wrong hands can facilitate criminal activity.

Within this project, we seek to understand the different types of crime that can happen in the Cloud, build systems that will allow the detection of this criminal behaviour and enable the use of digital evidence to lead to successful prosecution of Cloud crime perpetrators.

In order to achieve this goal, we are forming a truly inter-disciplinary research centre leveraging the strengths of Durham, Leeds and Newcastle Universities. Bringing together the strengths of Leeds in criminology and law, Durham in law and ethics along with the strengths of Newcastle in the areas of (computer) systems security, artificial intelligence, data mining and psychology.

We are convinced that Cloud crime can only be detected and tackled by such a truly inter-disciplinary centre. Such a centre will actively create the research foundations for successful computational methods in crime detection, combined with good user engagement, generating research that can cross disciplines and directly inform public policy, police and prosecution practices and transform public understanding of Cloud crime.

This will involve development of a true understanding of what crime can be conducted on the Cloud. Facilitated through the development of cloud crime scripts, defining the activities of a criminal act will aid discussion between the different disciplines and must be presentable in a format understandable by our key stakeholders: Cloud providers/users/developers, law enforcement agencies and the criminal justice system.

The detection of criminal activity in the cloud requires the integration of heterogeneous sensors, aggregation and analysis techniques, where we draw upon existing expertise in cloud security assurance (Gross, IBM), host monitoring and anomaly detection Ben-ware (McGough, Wall, DSTL), and fuzzy search on unstructured data, intrusion detection and analysis (Nifty, Yan).

We propose combining the systems expertise with complementary techniques in artificial intelligence, including data mining (McGough), behaviour machine learning, anomaly detection (Ploetz) and hierarchical machine learning and knowledge extraction (Bacardit).

This portfolio gives raise to multiple means to derive and combine intelligence, present bespoke visualizations, situational awareness, grammar or language generation for the cloud crime scripts. Thus allowing the centre to tailor the intelligence, and its presentation, to a given stakeholders needs.

We propose using additional human computation and crowd sourcing techniques to reduce the number of situations where the system incorrectly identifies a criminal act. The use of human computation and crowd sourcing will also allow us to hone the machine learning system, developing a suite of hybrid techniques that, together, will improve cloud crime detection but will frame the results in such a way as to support subsequent crown prosecution processes. This latter achievement will require expertise in the disciplines of criminology, forensic sciences, law and ethics and will require collaboration with police forces throughout the UK and Action Fraud.

In addition we will bring in relevant work around (i) forensic psychology (Oxburgh) that will deliver case-sensitive interview and investigative procedures for witnesses, victims and investigators; (ii) prosecution procedures that will ensure that evidence going to court is not compromised by intelligence gathering methodologies and (iii) prevention of under-reporting of Cloud crime and improvement of public understanding and confidence.

Project website

https://northerncloudcrimecentre.org