Evidence Building for Ad Click or Web Access on Cloud

  • Pankaj Kumar Keserwani
  • Mahesh Chandra Govil
  • Pilli Emmanuel Shubhakar
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1241)


Web-related illegal activities have increased beyond expectation in recent years. The Association of National Advertisers reported that businesses lost more than $6.5 billion in 2017 to ad fraud. The GitHub website was down on 28 February 2018 because of a Distributed Denial of Service (DDoS) attack, which was conducted through memcached servers. Identifying such incidents in a digital forensics investigation requires analysis of the relevant log data (web access logs or ad click logs). An evidence building methodology is proposed and implemented to generate the required log data. The proof of concept consists of three scripts, two in Python and one in JavaScript. One Python script runs on a Virtual Machine (VM) on Amazon Web Service (AWS) and performs log separation. The second Python script runs on the client database server and stores the fingerprint of each click or web access. A fingerprint is a generated hash value unique to each device that accesses a website or clicks an advertisement (ad). The third script, in JavaScript, is embedded in the client's web page(s) or ad. Verification of the log data with the help of fingerprints is also discussed: the verification process regenerates the fingerprints of the log data stored in the AWS data store and matches them against the fingerprints stored in the client's database server. The proposed methodology can identify malicious intent on the part of the cloud service provider (CSP), the investigator or an attacker. The proposed methodology can be extended to cloud forensics.
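The verification step described above, sketched as an added example; this is not the paper's code. The record fields, the `event_id` key, the use of SHA-256 over a canonical JSON encoding and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def fingerprint(record):
    """SHA-256 over the record's fields in canonical order (assumed scheme)."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_logs(cloud_records, client_fingerprints):
    """Regenerate fingerprints from cloud-stored records and match them
    against the client's store (event_id -> fingerprint)."""
    report = {"ok": [], "modified": [], "inserted": [], "deleted": []}
    seen = set()
    for rec in cloud_records:
        eid = rec["event_id"]
        seen.add(eid)
        expected = client_fingerprints.get(eid)
        if expected is None:
            report["inserted"].append(eid)   # in the cloud log, never recorded by the client
        elif hmac.compare_digest(expected, fingerprint(rec)):
            report["ok"].append(eid)
        else:
            report["modified"].append(eid)   # record content changed after capture
    report["deleted"] = sorted(set(client_fingerprints) - seen)  # missing from the cloud log
    return report


def _event(eid, ts, ip, url):
    return {"event_id": eid, "ts": ts, "ip": ip, "url": url,
            "ua": "Mozilla/5.0 (X11; Linux x86_64)"}


# Constructed sample: events as captured at click time on the client side.
ORIGINAL = [
    _event("e1", "2018-09-12T10:00:01Z", "192.0.2.10", "/ad/42"),
    _event("e2", "2018-09-12T10:00:05Z", "192.0.2.11", "/ad/42"),
    _event("e3", "2018-09-12T10:00:09Z", "192.0.2.12", "/index.html"),
]
CLIENT_DB = {r["event_id"]: fingerprint(r) for r in ORIGINAL}

# Constructed cloud copy: e2 altered, e3 removed, e4 added.
CLOUD = [
    dict(ORIGINAL[0]),
    dict(ORIGINAL[1], ip="198.51.100.7"),
    _event("e4", "2018-09-12T10:00:12Z", "203.0.113.5", "/ad/42"),
]

if __name__ == "__main__":
    print(json.dumps(verify_logs(CLOUD, CLIENT_DB), indent=2))
```

The comparison only carries evidential weight while the fingerprint store stays on the client's database server, outside the control of the party whose log copy is being checked.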


Cloud computing, web access, Ad click, Evidence, Forensic, Virtual Machine (VM), Amazon Web Service (AWS)


Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Pankaj Kumar Keserwani (1)
  • Mahesh Chandra Govil (1)
  • Pilli Emmanuel Shubhakar (2)
  1. Department of Computer Science and Engineering, National Institute of Technology Sikkim, South Sikkim, India
  2. Department of Computer Science and Engineering, Malaviya National Institute of Technology Jaipur, Jaipur, India
