A New Network Digital Forensics Approach for Internet of Things Environment Based on Binary Owl Optimizer

Alazzam, Hadeel; AbuAlghanam, Orieb; Al-zoubi, Qusay M.; Alsmady, Abdulsalam; Alhenawi, Esra’a

doi:10.2478/cait-2022-0033

Abstract

The Internet of Things (IoT) is widespread in our lives these days (e.g., Smart homes, smart cities, etc.). Despite its significant role in providing automatic real-time services to users, these devices are highly vulnerable due to their design simplicity and limitations regarding power, CPU, and memory. Tracing network traffic and investigating its behavior helps in building a digital forensics framework to secure IoT networks. This paper proposes a new Network Digital Forensics approach called (NDF IoT). The proposed approach uses the Owl optimizer for selecting the best subset of features that help in identifying suspicious behavior in such environments. The NDF IoT approach is evaluated using the Bot IoT UNSW dataset in terms of detection rate, false alarms, accuracy, and f-score. The approach being proposed has achieved 100% detection rate and 99.3% f-score and outperforms related works that used the same dataset while reducing the number of features to three features only.

References

1. Nolin, J., N. Olson. The Internet of Things and Convenience. – Internet Research, Vol. 22, No 2, pp. 361-376.
Search in Google Scholar Back to article
2. Abualghanam, O., L. Albdour, O. Adwan. Multimodal Biometric Fusion Online Handwritten Signature Verification Using Neural Network and Support Vector Machine. – Transactions, Vol. 12, 2021, No 5, pp. 1691-1703.
Search in Google Scholar Back to article
3. Abualghanam, O., M. Qatawneh, W. Almobaideen. A Survey of Key Distribution in the Context of Internet of Things. – Journal of Theoretical and Applied Information Technology, Vol. 97, 2019, No 22, pp. 3217-3241.
Search in Google Scholar Back to article
4. Abualghanam, O., M. Qatawneh, W. Almobaideen, M. Saadeh. A New Hierarchical Architecture and Protocol for Key Distribution in the Context of IoT-Based Smart Cities. – Journal of Information Security and Applications, Vol. 67, 2022.10.1016/j.jisa.2022.103173
Search in Google Scholar Back to article
5. Castelo Ǵomez, J. M., J. Carrillo Monďejar, J. Rolďan Ǵomez, J. L. Marťınez Marťınez. A Context-Centered Methodology for IoT Forensic Investigations. – International Journal of Information Security, Vol. 20, 2021, No 5, pp. 647-673.10.1007/s10207-020-00523-6
Search in Google Scholar Back to article
6. Atamli, A. W., A. Martin. Threat-Based Security Analysis for the Internet of Things. – In: Proc. of International Workshop on Secure Internet of Things, IEEE, 2014, pp. 35-43.10.1109/SIoT.2014.10
Search in Google Scholar Back to article
7. Carl, G., G. Kesidis, R. R. Brooks, S. Rai. Denial-of-Service Attack-Detection Techniques.– IEEE Internet Computing, Vol. 10, 2006, No 1, pp. 82-89.10.1109/MIC.2006.5
Search in Google Scholar Back to article
8. Lysenko, S., O. Savenko, K. Bobrovnikova, A. Kryshchuk. Self-Adaptive System for the Corporate Area Network Resilience in the Presence of Botnet Cyberattacks. – In: Proc. of International Conference on Computer Networks, Springer, 2018, pp. 385-401.10.1007/978-3-319-92459-5_31
Search in Google Scholar Back to article
9. Ozawa, S., T. Ban, N. Hashimoto, J. Nakazato, J. Shimamura. A Study of IoT Malware Activities Using Association Rule Learning for Darknet Sensor Data. – International Journal of Information Security, Vol. 19, 2020, No 1, pp. 83-92.10.1007/s10207-019-00439-w
Search in Google Scholar Back to article
10. Xing, Y., H. Shu, H. Zhao, D. Li, L. Guo. Survey on Botnet Detection Techniques: Classification, Methods, and Evaluation. – Mathematical Problems Engineering, Vol 2021, 2021, pp. 1-24.10.1155/2021/6640499
Search in Google Scholar Back to article
11. Regan, C., M. Nasajpour, R. M. Parizi, S. Pouriyeh, A. Dehghantanha, K. K. R. Choo. Federated IoT Security Attack Detection Using Decentralized Edge Data. – Machine Learning with Applications, Vol. 8, 2022, 100263.10.1016/j.mlwa.2022.100263
Search in Google Scholar Back to article
12. Kumar, A., T. J. Lim. Early Detection of Mirai-Like IoT Bots in Large-Scale Networks through Sub-Sampled Packet Traffic Analysis. – In: Proc. of Future of Information and Communication Conference, Springer, Vol. 70, 2019, pp. 847-867.10.1007/978-3-030-12385-7_58
Search in Google Scholar Back to article
13. Meneghello, F., M. Calore, D. Zucchetto, M. Polese, A. Zanella. IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices. – Internet of Things Journal, Vol. 6, 2019, No 5, pp. 8182-8201.10.1109/JIOT.2019.2935189
Search in Google Scholar Back to article
14. Datta, P., B. Sharma. A Survey on IoT Architectures, Protocols, Security and Smart City Based Applications. – In: Proc. of 8th International Conference on Computing, Communication and Networking Technologies (ICCCNT’17), IEEE, 2017. pp. 1-5.10.1109/ICCCNT.2017.8203943
Search in Google Scholar Back to article
15. Wu, T., F. Breitinger, I. Baggili. IoT Ignorance is Digital Forensics Research Bliss: a Survey to Understand IoT Forensics Definitions, Challenges and Future Research Directions. – In: Proc. of 14th International Conference on Availability, Reliability and Security, ACM, 2019, pp. 1-15.10.1145/3339252.3340504
Search in Google Scholar Back to article
16. Seda, M., B. K. P. Kramer. A Comparison of US Forensic Accounting Programs with the National Institute of Justice Funded Model Curriculum. – Journal of Forensic & Investigative Accounting, Vol. 7, 2015, No 2, pp. 144-177.
Search in Google Scholar Back to article
17. Paul Joseph, D., J. Norman. An Analysis of Digital Forensics in Cyber Security. – In: Proc. of 1st International Conference on Artificial Intelligence and Cognitive Computing, Springer; 2019, pp. 701-708.10.1007/978-981-13-1580-0_67
Search in Google Scholar Back to article
18. Jordaan, J. The Role of In Cybercrime Investigation Digital Forensics. – Servamus Community-Based Safety and Security Magazine, Vol. 112, 2019, No 10, pp. 33-37.
Search in Google Scholar Back to article
19. Sonmez, Y. U., A. Varol. Review of Evidence Collection and Protection Phases in Digital Forensics Process. – International Journal of Information Security Science, Vol. 6, 2017, No 4, pp. 39-45.
Search in Google Scholar Back to article
20. Prakash, A., R. Priyadarshini. An Intelligent Software Defined Network Controller for Preventing Distributed Denial of Service Attack. – In: Proc. of 2nd International Conference on Inventive Communication and Computational Technologies (ICICCT’18), IEEE, 2018, pp. 585-589.10.1109/ICICCT.2018.8473340
Search in Google Scholar Back to article
21. Shafiq, M., Z. Tian, A. K. Bashir, X. Du, M. Guizani. IoT Malicious Traffic Identification Using Wrapper-Based Feature Selection Mechanisms. – Computers & Security, Vol. 94, 2020, 101863.10.1016/j.cose.2020.101863
Search in Google Scholar Back to article
22. Koroniotis, N., N. Moustafa, E. Sitnikova, B. Turnbull. Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-Iot Dataset. – Future Generation Computer Systems, Vol. 100, 2019, pp.779-796.10.1016/j.future.2019.05.041
Search in Google Scholar Back to article
23. Koroniotis, N., N. Moustafa, E. Sitnikova. A New Network Forensic Framework Based on Deep Learning for Internet of Things Networks: A Particle Deep Framework. – Future Generation Computer Systems, Vol. 110, 2020, pp. 91-106.10.1016/j.future.2020.03.042
Search in Google Scholar Back to article
24. Orěski, D., D. Andrŏcec. Genetic Algorithm and Artificial Neural Network for Network Forensic Analytics. – In: Proc. of 43rd International Convention on Information, Communication and Electronic Technology (MIPRO’20), IEEE, 2020, pp. 1200-1205.10.23919/MIPRO48935.2020.9245140
Search in Google Scholar Back to article
25. Rizal, R., I. Riadi, Y. Prayudi. Network Forensics for Detecting Flooding Attack on Internet of Things (IoT) Device. – Int. J. Cyber-Security Digit Forensics, Vol. 7, 2018, No 4, pp. 382-390.
Search in Google Scholar Back to article
26. Kumar, A., T. J. Lim. Early Detection of Mirai-Like IoT Bots in Large-Scale Networks through Sub-Sampled Packet Traffic Analysis. – In: Proc. of Future of Information and Communication Conference, Springer, 2019, pp. 847-867.10.1007/978-3-030-12385-7_58
Search in Google Scholar Back to article
27. Moustafa, N., J. Slay. The Significant Features of the UNSW-NB15 and the KDD99 Data Sets for Network Intrusion Detection Systems. – In: Proc. of 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS’15), IEEE, 2015, pp. 25-31.10.1109/BADGERS.2015.014
Search in Google Scholar Back to article
28. Papamartzivanos, D., F. G. Mármol, G. Kambourakis. Dendron: Genetic Trees Driven Rule Induction for Network Intrusion Detection Systems. – Future Generation Computer Systems, Vol. 79, 2018, pp. 558-574.10.1016/j.future.2017.09.056
Search in Google Scholar Back to article
29. Anthi, E., L. Williams, M. Słowi´nska, G. Theodorakopoulos, P. Burna p. A Supervised Intrusion Detection System for Smart Home IoT Devices. – IEEE Internet of Things Journal, Vol. 6, 2019, No 5, pp.9042-9053.10.1109/JIOT.2019.2926365
Search in Google Scholar Back to article
30. Ullah, I., Q. H. Mahmoud. A Two-Level Hybrid Model for Anomalous Activity Detection in IoT Networks. – In: Proc. of 16th IEEE Annual Consumer Communications & Networking Conference (CCNC’19), IEEE, 2019, pp. 1-6.10.1109/CCNC.2019.8651782
Search in Google Scholar Back to article
31. Alazzam, H., A. Alsmady, A. A. Shorman. Supervised Detection of IoT Bot-8 Net Attacks. – In: Proc. of 2nd International Conference on Data Science, e-Learning and Information Systems, ACM, 2019, pp. 1-6.10.1145/3368691.3368733
Search in Google Scholar Back to article
32. Liu, L., B. Xu, X. Zhang, X. Wu. An Intrusion Detection Method for Internet of Things Based on Suppressed Fuzzy Clustering. – EURASIP Journal on Wireless Communications and Networking, Vol. 2018, 2018, No 1, pp. 1-7.10.1186/s13638-018-1128-z
Search in Google Scholar Back to article
33. Babu, M. J., A. R. Reddy. SH-IDS: Specification Heuristics Based Intrusion Detection System for IoT Networks. – Wireless Personal Communications, Vol. 112, 2020, No 3, pp. 2023-2045.10.1007/s11277-020-07137-0
Search in Google Scholar Back to article
34. Pollitt, M. Computer Forensics: An Approach to Evidence in Cyberspace. – In: Proc. of National Information Systems Security Conference, Vol. 2, 1995, pp. 487-491.
Search in Google Scholar Back to article
35. Koroniotis, N., N. Moustafa, E. Sitnikova, J. Slay. Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques. – In: Proc. of International Conference on Mobile Networks and Management, Springer, 2017, pp. 30-44.10.1007/978-3-319-90775-8_3
Search in Google Scholar Back to article
36. Koroniotis, N. Designing an Effective Network Forensic Framework for the Investigation of Botnets in the Internet of Things. University of New South Wales, Sydney, Australia, 2020.
Search in Google Scholar Back to article
37. Koroniotis, N., N. Moustafa. Enhancing Network Forensics with Particle Swarm and Deep Learning: The Particle Deep Framework. – Future Generation, Vol. 110, 2020, pp. 91-106.10.1016/j.future.2020.03.042
Search in Google Scholar Back to article
38. Koroniotis, N., N. Moustafa, F. Schiliro, P. Gauravaram, H. Janicke. A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports. – IEEE Access, Vol. 8, 2020, pp. 209802-209834.10.1109/ACCESS.2020.3036728
Search in Google Scholar Back to article
39. Alazzam, H., A. Sharieh, K. E. Sabri. A Lightweight Intelligent Network Intrusion Detection System Using OCSVM and Pigeon Inspired Optimizer. – Applied Intelligence, Vol. 52, 2022, No 4, pp. 3527-3544.10.1007/s10489-021-02621-x
Search in Google Scholar Back to article
40. Jain, M., S. Maurya, A. Rani, V. Singh. Owl Search Algorithm: A Novel Nature-Inspired Heuristic Paradigm for Global Optimization. – Journal of Intelligent & Fuzzy Systems, Vol. 34, 2018, No 3, pp. 1573-1582.10.3233/JIFS-169452
Search in Google Scholar Back to article
41. Lai, G., L. Li, Q. Zeng, N. Yousefi. Developed Owl Search Algorithm for Parameter Estimation of PEMFCs. – International Journal of Ambient Energy, Vol. 2020, 2020, pp. 1-10.10.1080/01430750.2020.1842240
Search in Google Scholar Back to article
42. El-Ashmawi, W. H., D. S. Abd Elminaam, A. M. Nabil, E. Eldesouky. A Chaotic Owl Search Algorithm Based Bilateral Negotiation Model. – Ain Shams Engineering Journal, Vol. 11, 2020, No 4, pp. 1163-1178.10.1016/j.asej.2020.01.005
Search in Google Scholar Back to article
43. Moulahi, T., S. Zidi, A. Alabdulatif, M. Atiquzzaman. Comparative Performance Evaluation of Intrusion Detection Based on Machine Learning in In-Vehicle Controller Area Network Bus. – IEEE Access, Vol. 9, 202, pp. 99595-99605.10.1109/ACCESS.2021.3095962
Search in Google Scholar Back to article
44. Istiaque, S. M., A. I. Khan, Z. Al Hassan, S. Waheed. Performance Evaluation of a Smart Intrusion Detection System (IDS) Model. – European Journal of Engineering and Technology Research, Vol. 6, 2021, No 2, pp. 148-152.10.24018/ejeng.2021.6.2.2371
Search in Google Scholar Back to article
45. Salih, A. A., A. M. Abdulazeez. Evaluation of Classification Algorithms for Intrusion Detection System: A Review. – Journal of Soft Computing and Data Mining, Vol. 2, 2021, No 1, pp. 31-40.10.30880/jscdm.2021.02.01.004
Search in Google Scholar Back to article