Inproceedings

Pushing Network Forensic Readiness to the Edge: A Resource Constrained Artificial Intelligence Based Methodology

Syed Rizvi; Mark Scanlon; Jimmy McGibney; John Sheppard

November 2024, 2024 Cyber Research Conference - Ireland (Cyber-RCI)

Contribution Summary

The paper presents a novel approach to network forensic readiness on IoT/edge devices, addressing the challenges of limited resources and heterogeneity. The proposed NetFoREdge framework uses AI models to detect attacks, collect evidence, and preserve it for forensic analysis. The framework is evaluated on two datasets, CICIoT2023 and IoT-23, demonstrating its effectiveness in resource-constrained environments. The results show that NetFoREdge achieves high accuracy rates, reducing computational, power, and storage demands while maintaining precision and efficacy.

Keywords: Network Forensic Readiness; IoT/Edge Devices; Artificial Intelligence; Resource-Constrained Environments; Attack Detection; Evidence Collection; Preservation; Digital Forensics

Abstract

Rapid developments in recent years with the Internet of Things (IoT) have supported significant growth in edge computing. The growing number and diversity of IoT/edge devices increase the risk of security incidents. As many IoT/edge devices can be considered lightweight, with limited data processing capacity and significant heterogeneity, traditional digital forensic investigation techniques may not always work with them. Network forensic readiness on IoT/edge devices is a proactive approach to collecting evidence to assist with forensic examinations. This paper introduces the Network Forensic Readiness for Edge Devices (NetFoREdge) framework, focussing on deploying lightweight AI models in resource-constrained environments for attack detection, evidence collection, and preservation. The proposed lightweight AI-driven solution performed effectively on resource-constrained physical devices, namely a Raspberry Pi 3B and a Raspberry Pi Zero 2 W. To evaluate the effectiveness of this approach, experiments have been conducted using two datasets: the recently released IoT network attack dataset, CICIoT2023, and the IoT-23 dataset. The experimental results are very encouraging - achieving an accuracy rate exceeding 99.60% and 99.98% for multiclassification on CICIoT2023 and IoT-23 datasets, respectively, and demonstrating the feasibility of network forensic readiness on IoT/edge devices with limited memory, storage, CPU usage, and power consumption.

BibTeX

@inproceedings{rizvi2024EdgeForensicReadiness,
	author={Rizvi, Syed and Scanlon, Mark and McGibney, Jimmy and Sheppard, John},
	title="{Pushing Network Forensic Readiness to the Edge: A Resource Constrained Artificial Intelligence Based Methodology}",
	booktitle={2024 Cyber Research Conference - Ireland (Cyber-RCI)},
	year=2024,
	pages = {},
	month=11,
	publisher={IEEE},
	abstract={Rapid developments in recent years with the Internet of Things (IoT) have supported significant growth in edge computing. The growing number and diversity of IoT/edge devices increase the risk of security incidents. As many IoT/edge devices can be considered lightweight, with limited data processing capacity and significant heterogeneity, traditional digital forensic investigation techniques may not always work with them. Network forensic readiness on IoT/edge devices is a proactive approach to collecting evidence to assist with forensic examinations. This paper introduces the Network Forensic Readiness for Edge Devices (NetFoREdge) framework, focussing on deploying lightweight AI models in resource-constrained environments for attack detection, evidence collection, and preservation. The proposed lightweight AI-driven solution performed effectively on resource-constrained physical devices, namely a Raspberry Pi 3B and a Raspberry Pi Zero 2 W. To evaluate the effectiveness of this approach, experiments have been conducted using two datasets: the recently released IoT network attack dataset, CICIoT2023, and the IoT-23 dataset. The experimental results are very encouraging -- achieving an accuracy rate exceeding 99.60\% and 99.98\% for multiclassification on CICIoT2023 and IoT-23 datasets, respectively, and demonstrating the feasibility of network forensic readiness on IoT/edge devices with limited memory, storage, CPU usage, and power consumption.}
}