Enabling Trust in Deep Learning Models: A Digital Forensics Case Study

TL;DR

This paper presents a framework to evaluate the robustness of deep learning models used in digital forensics, demonstrating how adversarial testing can bypass existing detection methods and improve trust in forensic AI tools.

Contribution

The study introduces a domain-independent adversary testing framework for assessing the security of black-box DNNs in digital forensics, highlighting vulnerabilities and potential improvements.

Findings

Successfully bypassed detection in a commercial DNN service

Demonstrated the framework's effectiveness across different forensic domains

Identified key vulnerabilities in current DNN forensic tools

Abstract

Today, the volume of evidence collected per case is growing exponentially, to address this problem forensics investigators are looking for investigation process with tools built on new technologies like big data, cloud services, and Deep Learning (DL) techniques. Consequently, the accuracy of artifacts found also relies on the performance of techniques used, especially DL models. Recently, \textbf{D}eep \textbf{N}eural \textbf{N}ets (\textbf{DNN}) have achieved state of the art performance in the tasks of classification and recognition. In the context of digital forensics, DNN has been applied to the domains of cybercrime investigation such as child abuse investigations, malware classification, steganalysis and image forensics. However, the robustness of DNN models in the context of digital forensics is never studied before. Hence, in this research, we design and implement a domain-independent Adversary Testing Framework (ATF) to test the security robustness of black-box DNN's. By using ATF, we also methodically test a commercially available DNN service used in forensic investigations and bypass the detection, where published methods fail in control settings.