Research Area:  Digital Forensics
The emergence of the Internet of Things (IoT) has heralded new attack surfaces, where attackers exploit the security weaknesses inherent in smart things. The IoT comprises heterogeneous devices and protocols that produce high-speed, high-volume data, rendering preexisting forensic solutions ineffective. As a result, developing new network forensic solutions for the IoT is imperative. The key challenges involved in designing network forensic solutions for the IoT include: 1) obtaining realistic data that represent contemporary network behavior, 2) selecting and optimizing a machine learning model best suited to deal with such data, and 3) identifying and tracing attacks. This thesis provides a considerable contribution to the research focusing on building a network forensic framework tasked with investigating botnet activities in IoT networks.
The first contribution is the design of a new virtual IoT network test bed and the generation of a new network dataset, called Bot-IoT. This new dataset incorporates normal IoT traffic and represents a range of realistic network attacks. This dataset has new IoT features that do not exist in the literature, along with new security events of botnets, for evaluating new network forensics and intrusion detection systems. The second contribution is the selection of optimal features that can be used to build effective network forensics techniques based on machine learning.
Name of the Researcher:  Nickolaos Koroniotis
Name of the Supervisor(s):  Elena Sitnikova
Year of Completion:  2020
University:  The University of New South Wales
Thesis Link:   Home Page Url