Designing an effective network forensic framework for the investigation of botnets in the Internet of Things

dc.contributor.advisor Sitnikovas, Elena en_US
dc.contributor.advisor Nour, Moustafa en_US
dc.contributor.author Koroniotis, Nickolaos en_US
dc.date.accessioned 2022-03-23T12:55:41Z
dc.date.available 2022-03-23T12:55:41Z
dc.date.issued 2020 en_US
dc.description.abstract The emergence of the Internet of Things (IoT) has heralded a new attack surface, where attackers exploit the security weaknesses inherent in smart things. Comprised of heterogeneous technologies and protocols, the IoT is a source of high-speed, high-volume data, rendering pre-existing forensic solutions ineffective. As a result, developing new network forensic solutions for the IoT is imperative. Some of the challenges involved in designing network forensic solutions for the IoT are 1) obtaining realistic data that represent contemporary network behaviour, 2) selecting and optimizing a machine learning model best suited to such data, and 3) identifying and tracing attacks. This thesis makes a considerable contribution to research on building a network forensic framework tasked with investigating botnet activities in IoT networks. The first contribution is the design of a new virtual testbed and the generation of a new network dataset, called Bot-IoT. This dataset incorporates normal IoT traffic and represents a range of realistic network attacks. The second contribution is the selection of optimal features for the dataset. The process combined two measures, Pearson Correlation and Joint Entropy, to create a score for the features, allowing the selection of the 10 least-similar features and thereby removing redundant information from the dataset. The third contribution is the analysis performed on the Bot-IoT dataset. For this analysis, two other widely used datasets, UNSW-NB15 and NSL-KDD, were selected and seven machine learning models were trained. The fourth contribution is the development of the Particle Deep Framework (PDF), which covers the stages of the digital forensic investigation process. The PDF uses Particle Swarm Optimization to select the optimal hyperparameters of a deep learning model, which lies at its core and is trained to detect attack network flows. en_US
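The abstract describes scoring features by Pearson correlation and joint entropy and keeping the least-similar ones. The exact formula is not given in the abstract, so the following is an added illustration, not the thesis's code: it computes both measures on a small constructed set of flow-style features (packet count, byte count, duration, a flag bit), averages |r| with a joint-entropy-derived redundancy term (an assumed combination), and greedily keeps the k least-similar features. Feature names, bin count and the equal-weight combination are all assumptions.

```python
"""Illustrative redundancy scoring from Pearson correlation and joint entropy.
Added example; the combined score below is an assumption, not the thesis's formula."""
import math
from collections import Counter
from itertools import combinations


def pearson(x, y):
    """Pearson correlation coefficient of two equal-length numeric sequences."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0  # a constant feature carries no linear information
    return sxy / math.sqrt(sxx * syy)


def discretize(x, bins=4):
    """Equal-width binning so entropies can be estimated from symbol counts."""
    lo, hi = min(x), max(x)
    if hi == lo:
        return [0] * len(x)
    width = (hi - lo) / bins
    return [min(int((v - lo) / width), bins - 1) for v in x]


def entropy(symbols):
    """Shannon entropy in bits of a sequence of discrete symbols."""
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in Counter(symbols).values())


def joint_entropy(xs, ys):
    """H(X, Y): entropy of the paired symbols."""
    return entropy(list(zip(xs, ys)))


def redundancy(x, y, bins=4):
    """Overlap derived from joint entropy, scaled to [0, 1].
    H(X) + H(Y) - H(X, Y) is the mutual information; dividing by min(H(X), H(Y))
    gives 1.0 when one feature determines the other and 0.0 when independent."""
    dx, dy = discretize(x, bins), discretize(y, bins)
    hx, hy, hxy = entropy(dx), entropy(dy), joint_entropy(dx, dy)
    denom = min(hx, hy)
    if denom == 0:
        return 0.0
    return max(0.0, min(1.0, (hx + hy - hxy) / denom))


def similarity_matrix(features, bins=4):
    """Pairwise similarity = mean of |Pearson r| and entropy-based redundancy.
    Equal weighting is an assumption made for this example."""
    names = list(features)
    sim = {n: {m: 0.0 for m in names} for n in names}
    for a, b in combinations(names, 2):
        s = 0.5 * (abs(pearson(features[a], features[b]))
                   + redundancy(features[a], features[b], bins))
        sim[a][b] = sim[b][a] = s
    return sim


def select_least_similar(features, k, bins=4):
    """Greedy selection: start with the feature of lowest mean similarity,
    then repeatedly add the feature least similar to anything already chosen."""
    sim = similarity_matrix(features, bins)
    names = list(features)
    chosen = [min(names, key=lambda n: sum(sim[n].values()) / (len(names) - 1))]
    while len(chosen) < min(k, len(names)):
        rest = [n for n in names if n not in chosen]
        chosen.append(min(rest, key=lambda n: max(sim[n][c] for c in chosen)))
    return chosen


# Constructed sample: eight flows, four features. "bytes" is exactly 100 x "pkts",
# so the two are fully redundant and only one of them should survive selection.
SAMPLE_FEATURES = {
    "pkts":  [10, 20, 30, 40, 50, 60, 70, 80],
    "bytes": [1000, 2000, 3000, 4000, 5000, 6000, 7000, 8000],
    "dur":   [3, 1, 4, 1, 5, 9, 2, 6],
    "flags": [0, 1, 0, 1, 0, 1, 0, 1],
}

if __name__ == "__main__":
    for a, row in similarity_matrix(SAMPLE_FEATURES).items():
        print(a, {b: round(v, 3) for b, v in row.items()})
    print("least-similar 3:", select_least_similar(SAMPLE_FEATURES, 3))
```

Two caveats when using a score like this on real flow data: a constant or near-constant feature scores as "least similar" to everything while carrying no information, so filter zero-variance columns first; and equal-width binning on heavy-tailed fields (bytes, duration) compresses most values into one bin, so quantile binning is usually a better estimator for the entropy term.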
dc.identifier.uri http://hdl.handle.net/1959.4/68298
dc.language English
dc.language.iso EN en_US
dc.publisher UNSW, Sydney en_US
dc.rights CC BY-NC-ND 3.0 en_US
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/3.0/au/ en_US
dc.subject.other Network Forensics en_US
dc.subject.other Botnet en_US
dc.subject.other Internet of Things en_US
dc.subject.other Neural Network en_US
dc.subject.other Multi-layer perceptron en_US
dc.subject.other Particle Swarm Optimization en_US
dc.title Designing an effective network forensic framework for the investigation of botnets in the Internet of Things en_US
dc.type Thesis en_US
dcterms.accessRights open access
dcterms.rightsHolder Koroniotis, Nickolaos
dspace.entity.type Publication en_US
unsw.accessRights.uri https://purl.org/coar/access_right/c_abf2
unsw.identifier.doi https://doi.org/10.26190/unsworks/21942
unsw.relation.faculty UNSW Canberra
unsw.relation.originalPublicationAffiliation Koroniotis, Nickolaos, Engineering & Information Technology, UNSW Canberra, UNSW en_US
unsw.relation.originalPublicationAffiliation Sitnikovas, Elena, Engineering & Information Technology, UNSW Canberra, UNSW en_US
unsw.relation.originalPublicationAffiliation Nour, Moustafa, Engineering & Information Technology, UNSW Canberra, UNSW en_US
unsw.relation.school School of Engineering and Information Technology
unsw.thesis.degreetype PhD Doctorate en_US
Files
Original bundle
Name: public version.pdf
Size: 2.15 MB
Format: application/pdf