Enhancing IoT Forensics with Machine Learning-Based Anomaly Detection

Authors

  • Muhammad Faheem Khan, Department of Computer Science, TIMES University, 60000, Multan, Punjab, Pakistan.
  • Muhammad Naveed, Department of Computer Science, TIMES University, 60000, Multan, Punjab, Pakistan.

Keywords:

Cybersecurity, Node-to-Node, Forensic Analysis, Machine Learning, Cyber Attacks, Internet of Things (IoT)

Abstract

The adaptability and rapid expansion of IoT systems have heightened the likelihood of cyberattacks. Resource-constrained IoT devices make it difficult for security handlers to track records of various attacks during forensic analysis. Forensic analysis is typically conducted on devices to assess the extent of damage incurred as a result of various attacks. The primary aim of this research is to establish a framework that enables security handlers to perform forensic analysis on resource-constrained IoT devices. This study proposes a framework that adeptly performs forensic analysis and identifies various types of attacks on endpoints (IoT devices) via a node-to-node (N2N) architecture. The proposed system integrates many forensic tools and machine learning techniques to detect different types of attacks. The issue of evidence retrieval from the compromised endpoint is resolved by utilizing a third-party log server. We utilized the logs from the Security Onion forensic server to ascertain the type and impact of the attack. The framework is capable of autonomously identifying attacks through the application of several machine learning methods.

Published

2024-09-01

How to Cite

Muhammad Faheem Khan, & Muhammad Naveed. (2024). Enhancing IoT Forensics with Machine Learning-Based Anomaly Detection. Machine Learning for Human Intelligence, 2(02), 22–32. Retrieved from https://mlhi.org/index.php/main/article/view/13
