Abstract
In an Internet of Things (IoT) environment, IoT devices are typically connected through different network media types such as mobile, WiFi and wired networks. Due to the pervasive nature of such devices, they are a potential evidence source in both civil litigation and criminal investigations. It is, however, challenging to identify and acquire forensic artifacts from the broad range of devices, which have varying storage and communication capabilities. We posit the importance of focusing on the hidden links between different IoT devices (e.g. whether one device is controlled or can be accessed from another device in the system), and design an approach to do so. Specifically, our approach adopts a graph to model the message flows of IoT communications, with the aim of facilitating the identification of correlated network traffic, based on the direction of the network and the associated attributes. To demonstrate how such an approach can be deployed in practice, we evaluate our approach using IoT devices in a smart home environment and achieve an accuracy rate of 98.3% for detecting hidden links between devices.
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alabdulsalam, S.K., Duong, T.Q., Choo, KK.R., Le-Khac, NA. (2021). Evidence Identification and Acquisition Based on Network Link in an Internet of Things Environment. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_16
DOI: https://doi.org/10.1007/978-3-030-57805-3_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57804-6
Online ISBN: 978-3-030-57805-3
eBook Packages: Intelligent Technologies and Robotics (R0)