Skip to main content
SpringerLink
Log in

On Exploring the Sub-domain of Artificial Intelligence (AI) Model Forensics

  • Conference paper
  • First Online:
Digital Forensics and Cyber Crime (ICDF2C 2021)

Included in the following conference series:

Abstract

AI Forensics is a novel research field that aims at providing techniques, mechanisms, processes, and protocols for an AI failure investigation. In this paper, we pave the way towards further exploring a sub-domain of AI forensics, namely AI model forensics, and introduce AI model ballistics as a subfield inspired by forensic ballistics. AI model forensics studies the forensic investigation process, including where available evidence can be collected, as it applies to AI models and systems.

We elaborate on the background and nature of AI model development and deployment, and highlight the fact that these models can be replaced, trojanized, gradually poisoned, or fooled by adversarial input.

The relationships and the dependencies of our newly proposed sub-domain draws from past literature in software, cloud, and network forensics. Additionally, we share a use-case mini-study to explore the peculiarities of AI model forensics in an appropriate context. Blockchain is discussed as a possible solution for maintaining audit trails. Finally, the challenges of AI model forensics are discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Alsulami, B., Dauber, E., Harang, R., Mancoridis, S., Greenstadt, R.: Source code authorship attribution using long short-term memory based networks. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 65–82. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66402-6_6

    Chapter  Google Scholar 

  2. Amodei, D., Olah, C., Steinhardt, J., Christiano, P., Schulman, J., Mané, D.: Concrete Problems in AI Safety (2016)

    Google Scholar 

  3. Behzadan, V., Baggili, I.M.: Founding the domain of AI forensics. In: SafeAI@ AAAI, pp. 31–35 (2020)

    Google Scholar 

  4. Behzadan, V., Hsu, W.: Sequential triggers for watermarking of deep reinforcement learning policies. arXiv preprint arXiv:1906.01126 (2019)

  5. Binkley, D.: Source code analysis: a road map. In: Future of Software Engineering (FOSE 2007), pp. 104–119 (2007). https://doi.org/10.1109/FOSE.2007.27

  6. Chen, X., Liu, C., Li, B., Lu, K., Song, D.: Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)

  7. Datt, S.: Learning Network Forensics. Community Experience Distilled. Packt Publishing, Birmingham (2016)

    Google Scholar 

  8. Digital Forensics Market: Market Research Firm (2018). https://www.marketsandmarkets.com/Market-Reports/digital-forensics-market-230663168.html

  9. Frantzeskou, G., MacDonell, S., Stamatatos, E.: Source code authorship analysis for supporting the cybercrime investigation process. In: Proceedings of the 1st International Conference on E-Business and Telecommunications Networks, pp. 85–92 (2004)

    Google Scholar 

  10. Grispos, G., Storer, T., Glisson, W.B.: Calm before the storm: the challenges of cloud computing in digital forensics. Int. J. Digit. Crime Forensics (IJDCF) 4(2), 28–48 (2012)

    Article  Google Scholar 

  11. Herman, M., et al.: NIST cloud computing forensic science challenges. Technical report, National Institute of Standards and Technology (2020)

    Google Scholar 

  12. Jeong, D.: Artificial intelligence security threat, crime, and forensics: taxonomy and open issues. IEEE Access 8, 184560–184574 (2020)

    Article  Google Scholar 

  13. Jiang, F., et al.: Artificial intelligence in healthcare: past, present and future. Stroke Vasc. Neurol. 2(4), 230–243 (2017). https://doi.org/10.1136/svn-2017-000101

    Article  Google Scholar 

  14. Karpisek, F., Baggili, I., Breitinger, F.: Whatsapp network forensics: decrypting and understanding the whatsapp call signaling messages. Digit. Investig. 15, 110–118 (2015). https://doi.org/10.1016/j.diin.2015.09.002. https://www.sciencedirect.com/science/article/pii/S1742287615000985

  15. Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to integrating forensic techniques into incident response. NIST Special Publication 800–86 10(14) (2006)

    Google Scholar 

  16. Konečný, J., McMahan, H.B., Yu, F.X., Richtárik, P., Suresh, A.T., Bacon, D.: Federated learning: strategies for improving communication efficiency. CoRR abs/1610.05492 (2016). http://arxiv.org/abs/1610.05492

  17. Kurtukova, A., Romanov, A., Shelupanov, A.: Source code authorship identification using deep neural networks. Symmetry 12(12) (2020). https://doi.org/10.3390/sym12122044. https://www.mdpi.com/2073-8994/12/12/2044

  18. Levinson, J., et al.: Towards fully autonomous driving: systems and algorithms. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 163–168 (2011). https://doi.org/10.1109/IVS.2011.5940562

  19. Li, J.: Cyber security meets artificial intelligence: a survey. Front. Inf. Technol. Electron. Eng. 19(12), 1462–1474 (2018). https://doi.org/10.1631/FITEE.1800573

    Article  Google Scholar 

  20. Li, Z., Hu, C., Zhang, Y., Guo, S.: How to prove your model belongs to you. In: Proceedings of the 35th Annual Computer Security Applications Conference (2019). https://doi.org/10.1145/3359789.3359801

  21. MacDonell, S.G., Buckingham, D., Gray, A.R., Sallis, P.J.: Software forensics: extending authorship analysis techniques to computer programs. JL Inf. Sci. 13, 34–69 (2002)

    Google Scholar 

  22. Mell, P., Grance, T., et al.: The NIST definition of cloud computing. NIST Special Publication 800–145 (2011)

    Google Scholar 

  23. Mnih, V., et al.: Human-level control through deep reinforcement learning. Nature 518, 529–33 (2015). https://doi.org/10.1038/nature14236

    Article  Google Scholar 

  24. MOBILedit: Camera Ballistics. https://www.mobiledit.com/camera-ballistics

  25. Mukkamala, S., Sung, A.H.: Identifying significant features for network forensic analysis using artificial intelligent techniques. Int. J. Digit. Evid. 1, 1–17 (2003)

    Google Scholar 

  26. Nassar, M., Itani, A., Karout, M., El Baba, M., Kaakaji, O.A.S.: Shoplifting smart stores using adversarial machine learning. In: 2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA), pp. 1–6. IEEE (2019)

    Google Scholar 

  27. Nassar, M., Salah, K., ur Rehman, M.H., Svetinovic, D.: Blockchain for explainable and trustworthy artificial intelligence. Wiley Interdiscip. Rev. Data Mining Knowl. Discov. 10(1), e1340 (2020)

    Google Scholar 

  28. NIST: Ballistics (2021). https://www.nist.gov/ballistics

  29. Palmer, G.: A road map for digital forensic research. Technical report. DFRWS (DTRT0010-01) (2001)

    Google Scholar 

  30. PyTorch: PyTorch tutorials: saving and loading models (2017). https://pytorch.org/tutorials/beginner/saving_loading_models.html#saving-loading-model-for-inference

  31. Ruan, K., Carthy, J., Kechadi, M.T., Baggili, I.: Cloud forensics definitions and critical criteria for cloud forensic capability: an overview of survey results. Digit. Investig. 10, 34–43 (2013)

    Article  Google Scholar 

  32. Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.: Cloud forensics. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics VII (2011). https://doi.org/10.1007/978-3-642-24212-0_3

  33. Sallis, P., Aakjaer, A., MacDonell, S.: Software forensics: old methods for a new science. In: Proceedings 1996 International Conference Software Engineering: Education and Practice, pp. 481–485. IEEE (1996)

    Google Scholar 

  34. Schneider, J., Breitinger, F.: AI forensics: did the artificial intelligence system do it? Why? (2020)

    Google Scholar 

  35. Shah, J.J., Malik, L.G.: Cloud forensics: issues and challenges. In: 6th International Conference on Emerging Trends in Engineering and Technology, pp. 138–139 (2013). https://doi.org/10.1109/ICETET.2013.44

  36. Sikos, L.F.: Packet analysis for network forensics: a comprehensive survey. Forensic Sci. Int. Digit. Investig. 32, 200892 (2020). https://doi.org/10.1016/j.fsidi.2019.200892. https://www.sciencedirect.com/science/article/pii/S1742287619302002

  37. Spafford, E.H., Weeber, S.A.: Software forensics: can we track code to its authors? Comput. Secur. 12(6), 585–595 (1993)

    Article  Google Scholar 

  38. TensorFlow: TensorFlow core: save and load models (2021). https://www.tensorflow.org/tutorials/keras/save_and_load#save_the_entire_model

  39. Tilstone, W., Tilstone, W., Savage, K., Clark, L.: Forensic Science: An Encyclopedia of History, Methods, and Techniques. ABC-CLIO (2006). https://books.google.com/books?id=zIRQOssWbaoC

  40. Wang, Z., Liu, C., Cui, X.: Evilmodel: hiding malware inside of neural network models. arXiv preprint arXiv:2107.08590 (2021)

  41. Zhang, J., et al.: Protecting intellectual property of deep neural networks with watermarking. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS 2018, pp. 159–172. Association for Computing Machinery (2018). https://doi.org/10.1145/3196494.3196550

Download references

Acknowledgements

This material is based upon work supported by the National Science Foundation under Grant Number 1921813. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Author information

Authors and Affiliations

  1. University of New Haven Cyber Forensics Research and Education Group (UNHcFREG) and Connecticut Institute of Technology (CIT), West Haven, CT, 06516, USA

    Tiffanie Edwards, Syria McCullough, Mohamed Nassar & Ibrahim Baggili

Authors
  1. Tiffanie Edwards
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Syria McCullough
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohamed Nassar
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ibrahim Baggili
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tiffanie Edwards .

Editor information

Editors and Affiliations

  1. School of Computer Science, University College Dublin, Dublin, Ireland

    Pavel Gladyshev

  2. State University of New York, University at Albany, Albany, NY, USA

    Sanjay Goel

  3. DFIR Science, Champaign, IL, USA

    Joshua James

  4. Missouri University, Rolla, MO, USA

    George Markowsky

  5. Rochester Institute of Technology, Rochester, NY, USA

    Daryl Johnson

Rights and permissions

Reprints and permissions

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Edwards, T., McCullough, S., Nassar, M., Baggili, I. (2022). On Exploring the Sub-domain of Artificial Intelligence (AI) Model Forensics. In: Gladyshev, P., Goel, S., James, J., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 441. Springer, Cham. https://doi.org/10.1007/978-3-031-06365-7_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-06365-7_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06364-0

  • Online ISBN: 978-3-031-06365-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation