Explore open access research and scholarly works from STORE - University of Staffordshire Online Repository

An Internet of Things Forensics Framework Validated by Machine Learning

Lutta, Pantaleon (2024) An Internet of Things Forensics Framework Validated by Machine Learning. Doctoral thesis, Staffordshire University.

Text (Thesis submitted in partial fulfilment of the requirements of Staffordshire University for the degree of Doctor of Philosophy)
Pantaleon Lutta - PhD Thesis.pdf - Submitted Version
Available under License Type All Rights Reserved.

Abstract or description

The Internet of Things (IoT) has witnessed unprecedented growth, revolutionising the way we interact with connected devices and services. While IoT offers numerous benefits, it presents unique challenges for digital forensics due to the sheer volume and diverse formats of data generated. The varied array of devices, operating systems, and communication protocols further complicates investigations, demanding tailored approaches for information extraction. The absence of standardised regulations within IoT forensics adds to the complexity, hindering consistency and reliability. The real-time nature of IoT also requires novel forensic methods that align with dynamic data flows. This thesis presents a comprehensive review of IoT forensics, addressing the complexities of investigating connected environments and contributing novel methodologies and frameworks to the field of digital forensics.

This thesis proposes a comprehensive IoT framework that addresses the legal and technical challenges of IoT forensic processes and is validated by Machine Learning techniques that aid in the examination and analysis of digital forensic data collected from smart home environments.

The thesis begins with a comprehensive review of the status of IoT forensics through a systematic literature review that explores the current legal and technical challenges of IoT forensics and emphasises the uniqueness of IoT forensics.

A novel IoT digital forensics investigation framework is presented, offering a structured approach to investigations in IoT environments. This framework outlines four key phases (preparation, live investigation, offline investigation, and presentation) and is designed to tackle the unique challenges posed by IoT investigations, particularly the high volume of data. The framework is further validated through the integration of machine learning techniques, demonstrating its practical applicability in smart home environments.

The scarcity of datasets that depict real-life IoT scenarios for digital forensics use is a big challenge for IoT forensics researchers. Therefore, this thesis explores different smart home simulation strategies and tools and employs a simulator. The simulator is used to simulate a dataset based on hypothetically created digital forensic case scenarios that mimic a real-life smart home inhabitant.

A new approach is proposed for the use of Hash Indexed Sparse Distributed Representation (HI-SDR) as an input to state-of-the-art anomaly detectors. This technique enhances the accuracy of anomaly detection algorithms, contributing to improved digital forensics investigations in IoT environments. HI-SDR improves feature representations, enabling robust detection of anomalies such as intrusions, variant activities, and deviations from the smart home norm, even in the presence of noise. The results demonstrate that the inclusion of HI-SDR enhances the overall performance of anomaly detection. For instance, there was an impressive improvement of 17% in accuracy and an astonishing leap of over 45% in recall compared to the state-of-the-art models (OCSVM and Isolation Forest). Additionally, in the case of Isolation Forest, the precision score witnessed a remarkable boost from 27% to 49%, an uplift of 22%. Moreover, the F1 measure, a pivotal metric capturing the equilibrium between precision and recall, experienced a substantial 29% improvement, ascending from an initial score of 36% to an impressive 65%. These percentages underscore the evident enhancements attributed to the strategic combination of HI-SDR and machine learning models. This combination not only addresses the challenges posed by the unique characteristics of IoT data but also contributes substantively to the advancement of digital forensics in smart environments.

This thesis demonstrates the effectiveness of the proposed framework through the integration of machine learning algorithms, specifically the HI-SDR employed for anomaly detection. This significantly improves the accuracy and efficiency of identifying suspicious activities in smart home environments, and hence aids in the analysis of high volumes of data for digital forensic purposes.

Item Type: Thesis (Doctoral)
Faculty: School of Digital, Technologies and Arts > Computer Science, AI and Robotics
Depositing User: Library STORE team
Date Deposited: 28 May 2024 15:58
Last Modified: 28 May 2024 15:58
URI: https://eprints.staffs.ac.uk/id/eprint/8296
