An investigation of digital forensics for shamoon attack behaviour in fog computing and threat intelligence for incident response

Cyber related crimes are increasing nowadays. Thus digital forensics has been employed in solving cybercrimes. Several researches have been done where they have analysed cyber related attacks, malware types, etc. Researches based on studying and analysing Advanced Persistent Threats (APTs), especially Shamoon attack. This research has been done in order to study and analyse the attacking behaviour of Shamoon malware in fog computing using FPSO (Frequency Particles Swarm Optimization) based on Travelling Salesman approach (TSP). In this proposed system, fog nodes are initiated where the nodes delivers three types of data namely industrial, medical and educational data. Secondly Shamoon attack is created followed by distance matrix evaluation. As the Shamoon attack focuses on attacking industrial data, the attack distribution movement focuses mainly on industrial data. After the evaluation, priorities of the particles should be assigned randomly. Once FPSO parameters are initialized, objective function of every particle is evaluated. The FPSO mechanism implements the working procedure of TSP. Under the FPSO mechanism, swap and insertion operations are performed. In order to find the best shortest path, nearest neighbouring algorithm is used, which follows evaluation of fitness function. After evaluation, local best lbest and global best gbest solutions are obtained. Finally, appropriate positions and velocities are updated. From the resultant optimum path, the distribution of Shamoon attack movement can be analysed. The performance of this proposed system has been evaluated by estimating the fitness value, best cost. The attack distribution of Shamoon data has been observed. Then finally a threat intelligence scheme is proposed for the investigating and analysis behaviour and spread of Shamoon attacks in edges of Fog computing.