TY - JOUR
T1 - Transformer-Based Named Entity Recognition on Drone Flight Logs to Support Forensic Investigation
AU - Silalahi, Swardiantara
AU - Ahmad, Tohari
AU - Studiawan, Hudan
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2023
Y1 - 2023
N2 - The increase in drone usage by the public brings the number of drone incident and attack up. Sophisticated preventive mechanisms, as well as post-incident procedures and frameworks, are needed. Forensic investigation is performed upon a drone incident, aiming to uncover the incident scenario, mitigate the risk and report the examination results. Generally, standard drone forensic procedure consists of three stages, i.e., evidence acquisition, evidence analysis, and reporting. Among the existing research, many attempts have been made in framework proposal and evaluation, study case, and tools proposal and evaluation. However, less research focuses on utilizing specific data artifacts from the drone forensic image, such as telemetry, dataflash, and flight log data. Therefore, this research aims to propose the use of log message data to discover and extract some incident-related information using a deep learning-based NLP technique, i.e., named entity recognition using the Transformer. Cosine similarity is proposed as a substitute for dot-product in the self-Attention mechanism of the Transformer encoder layer. Additionally, we propose NER architecture built from a mix of several existing methods and report the performance evaluation. We extract the DJI drone forensic image from a publicly available dataset using Autopsy and DJI Phantom Help and collect the decrypted log messages. Six entity types are defined after carefully reading the log message. These entity types are used in the manual annotation process using the IOB2 scheme as the label. The constructed dataset is used to evaluate the proposed model along with several baseline models. The proposed method outperforms the previous baseline model with a 91.348% F1 score. Finally, we conclude the experiment and mention several future directions.
AB - The increase in drone usage by the public brings the number of drone incident and attack up. Sophisticated preventive mechanisms, as well as post-incident procedures and frameworks, are needed. Forensic investigation is performed upon a drone incident, aiming to uncover the incident scenario, mitigate the risk and report the examination results. Generally, standard drone forensic procedure consists of three stages, i.e., evidence acquisition, evidence analysis, and reporting. Among the existing research, many attempts have been made in framework proposal and evaluation, study case, and tools proposal and evaluation. However, less research focuses on utilizing specific data artifacts from the drone forensic image, such as telemetry, dataflash, and flight log data. Therefore, this research aims to propose the use of log message data to discover and extract some incident-related information using a deep learning-based NLP technique, i.e., named entity recognition using the Transformer. Cosine similarity is proposed as a substitute for dot-product in the self-Attention mechanism of the Transformer encoder layer. Additionally, we propose NER architecture built from a mix of several existing methods and report the performance evaluation. We extract the DJI drone forensic image from a publicly available dataset using Autopsy and DJI Phantom Help and collect the decrypted log messages. Six entity types are defined after carefully reading the log message. These entity types are used in the manual annotation process using the IOB2 scheme as the label. The constructed dataset is used to evaluate the proposed model along with several baseline models. The proposed method outperforms the previous baseline model with a 91.348% F1 score. Finally, we conclude the experiment and mention several future directions.
KW - Digital forensics
KW - conditional random fields
KW - drone flight log
KW - drone forensics
KW - infrastructure
KW - log mining
KW - named entity recognition
KW - transformer encoder
UR - http://www.scopus.com/inward/record.url?scp=85147214749&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2023.3234605
DO - 10.1109/ACCESS.2023.3234605
M3 - Article
AN - SCOPUS:85147214749
SN - 2169-3536
VL - 11
SP - 3257
EP - 3274
JO - IEEE Access
JF - IEEE Access
ER -