Digital Forensics Analysis of IoT Nodes using Machine Learning

Authors

  • M Zeeshan Arshad, Department of Cybersecurity, Faculty of Computing & AI, Air University, Islamabad, 44000, Pakistan.
  • Hameedur Rahman, Department of Computer Games Development, Faculty of Computing & AI, Air University, Islamabad, 44000, Pakistan.
  • Junaid Tariq, Department of Computer Science, National University of Modern Languages, Rawalpindi, 43600, Pakistan.
  • Adnan Riaz, Department of Creative Technologies, Faculty of Computing & AI, Air University, Islamabad, 44000, Pakistan.
  • Azhar Imran, Department of Creative Technologies, Faculty of Computing & AI, Air University, Islamabad, 44000, Pakistan.
  • Amanullah Yasin, Department of Creative Technologies, Faculty of Computing & AI, Air University, Islamabad, 44000, Pakistan.
  • Imran Ihsan, Department of Creative Technologies, Faculty of Computing & AI, Air University, Islamabad, 44000, Pakistan.

DOI:

https://doi.org/10.56979/401/2022/107

Keywords:

Cyber Security, Node-to-Node, Forensic analysis, Machine learning, Cyber attacks, Internet of things (IoT)

Abstract

With the versatility and exponential growth of IoT solutions, the probability of being attacked has increased. Resource-constrained IoT devices pose a challenge for security handlers, who must track logs of the wide variety of attacks launched against them while performing forensic analysis. Commonly, forensic analysis is performed on the devices to calculate how much loss the device has suffered due to the diversity of attacks. The main objective of this paper is to develop a framework through which security handlers can perform forensic analysis on resource-constrained IoT devices. In this paper, we propose a framework that intelligently performs forensic analysis and detects the different types of attacks performed on the endpoint (IoT device) using a node-to-node (N2N) framework. Furthermore, the proposed solution is a blend of different forensic tools and machine learning techniques to identify different types of attacks. Using a third-party log server, the problem of evidence recovery from the endpoint under attack is addressed. To determine the nature and effect of the attack, we examine the logs using Security Onion (the forensic server). Additionally, this framework is equipped to automatically detect attacks using different machine learning algorithms. The efficiency of the machine learning models is measured by the values of (1) Accuracy, (2) Precision, (3) Recall, and (4) F-Measure. The results show that the decision tree algorithm stands out with the optimum performance compared to other ML models. Overall, this framework can be used for the security of IoT devices as well as for evidence collection from the IoT endpoint. For the validation of the proposed framework, more detailed results and performance analysis are presented in this paper.

Published

2022-12-29

How to Cite

M Zeeshan Arshad, Hameedur Rahman, Junaid Tariq, Adnan Riaz, Azhar Imran, Amanullah Yasin, & Imran Ihsan. (2022). Digital Forensics Analysis of IoT Nodes using Machine Learning. Journal of Computing & Biomedical Informatics, 4(01), 1–12. https://doi.org/10.56979/401/2022/107