A framework for the identification of suspicious packets to detect anti-forensic attacks in the cloud environment
Peer-to-Peer Networking and Applications (IF 3.3), Pub Date: 2020-07-31, DOI: 10.1007/s12083-020-00975-6
Deevi Radha Rani , G. Geethakumari

Cloud computing is becoming a prominent service model for computing platforms, offering resources to all categories of users on demand. On the other hand, the cloud environment is also vulnerable to many criminal activities, so investigating cloud crimes is an urgent need. An anti-forensic attack in the cloud is one that specifically aims to scuttle the cloud forensic process. Although many researchers have proposed various cloud forensic approaches, detecting cloud anti-forensic attacks remains a challenge, since such an attack hinders every step of the forensic process. In this paper, we propose a three-stage system for the detection of cloud anti-forensic attacks with a well-defined sequence of tasks, in which the process of identifying suspicious packets plays the major part. Every packet affected by any kind of cloud attack is labeled as a suspicious packet, and such packets are marked so that the anti-forensic attack can be traced back. The main focus of this paper is deploying such a mechanism to identify suspicious packets in the cloud environment. To categorize the type of attack that affected a packet, our approach applies both signature analysis and anomaly detection at the cloud layers. The proposed anomaly detection approach is tested on the NSL-KDD dataset. The experimental results show that the accuracy of the proposed approach is high compared to existing approaches.




Updated: 2020-07-31