KFREAIN: Design of A Kernel-Level Forensic Layer for Improving Real-Time Evidence Analysis Performance in IoT Networks
Abstract
An exponential increase in the number of attacks in IoT networks makes it essential to formulate attack-level mitigation strategies. This paper proposes the design of a scalable kernel-level forensic layer that improves real-time evidence analysis performance to support efficient pattern analysis of the collected data samples. It has an inbuilt Temporal Blockchain Cache (TBC), which is refreshed after analysis of every set of evidence. The model uses a multidomain feature extraction engine that combines lightweight Fourier, Wavelet, Convolutional, Gabor, and Cosine feature sets, which are selected by a stochastic Bacterial Foraging Optimizer (BFO) to identify high-variance features. The selected features are processed by an ensemble learning (EL) classifier that uses low-complexity classifiers, reducing the energy consumption during analysis by 8.3% when compared with application-level forensic models. The model also showed 3.5% higher accuracy, 4.9% higher precision, and 4.3% higher recall of attack-event identification when compared with standard forensic techniques. Due to kernel-level integration, the model is also able to reduce the delay needed for forensic analysis on different network types by 9.5%, thus making it useful for real-time and heterogeneous network scenarios.
Copyright (c) 2023 EMITTER International Journal of Engineering Technology
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.