Kyle Porter

Kyle Porter

Ph.D. started in: 2017
Expected year of graduation: 2021
COINS consortium member: Norwegian University of Science and Technology
Supervised by: Slobodan Petrovic, Katrin Franke
Links:
Research area: Digital Forensics
Project title: Detecting Dynamic Attack Patterns in Large and Diverse Data Sources
Project description: This project is done in part of the Ars Forensica project on “Computational Forensics for Large-scale Fraud Detection, Crime Investigation and Prevention”. My task in the project is to produce better algorithms for this end.

In particular, there is too much data for digital forensic analysts to process and there are ever evolving dynamic attacks which can bypass modern network intrusion detection systems. My research is about improving the accuracy and efficiency of approximate search and data reduction methods. Data reduction methods, such as fuzzy hash functions (similarity-preserving hash functions), may be used to identify relevant data for search without having to entire parse through entire volumes of data. Improved approximate pattern matching methods would return less frivolous hits from a search query. Additional benefits of improved approximate search are that it would allow for detection for dynamic attack patterns in intrusion detection with a less than typical number of false positives. These techniques may be used in concert to for digital forensic analysts to waste less time finding the evidence or information they may be looking for.

In general, the methods to accomplish are research questions are simple. Read state of the art literature related to our topics, create hypotheses for our research questions, gather theoretical background which supports our hypotheses, implement our solutions, analyze our solutions, and compare our results to the rest of the state of the art. Theoretical interests which will aid in our endeavors for improved approximate pattern matching are non-deterministic finite automata, dynamic programming matrices, bit parallelism, constrained edit-distance, bit-splitting architecture, practical heuristics, and other topics as well.

Data reduction methods such as fuzzy matching are less supported by rigorous mathematical groundings, but we investigate methods that have proven to work and are open for experimenting with novel methods. The state of the art uses techniques such as rolling hashes, non-cryptographic hashing functions, and fast algorithms for distinguishing unique data (such as functions for calculating Shannon Entropy on chunks of data).

1. Kyle Porter (2021). INTERPOL Smart City Think-a-thon Presentation: Fantasy Based on Reality
2. Kyle Porter, Rune Nordvik, Fergus Toolan, Stefan Axelsson (2021). Timestamp prefix carving for filesystem metadata extraction
3. Rune Nordvik, Kyle Porter, Fergus Toolan, Stefan Axelsson, Katrin Franke (2020). Generic Metadata Time Carving
4. Joachim Hansen, Kyle Porter, Andrii Shalaginov, Katrin Franke (2018). Comparing Open Source Search Engine Functionality, Efficiency and Effectiveness with Respect to Digital Forensic Search
5. Kyle Porter (2018). Analyzing the DarkNetMarkets subreddit for evolutions of tools and trends using LDA topic modeling
6. Kyle Porter, Slobodan Petrovic (2018). Obtaining Valuable Precision-Recall Trade-Offs for Fuzzy Searching Large E-mail Corpora
7. Kyle Porter, Slobodan Petrovic (2018). Obtaining precision-recall trade-offs in fuzzy searches of large email corpora
8. Kyle Porter, Slobodan Petrovic (2017). On Application of Constrained Edit Distance Algorithms to Cryptanalysis and Digital Forensics
9. Kyle Porter, Slobodan Petrovic (2017). On Application of Constrained Edit Distance Algorithms to Cryptanalysis and Digital Forensics