TY - JOUR
T1 - Harnessing federated learning for digital forensics in IoT
T2 - a survey and introduction to the IoT-LF framework
AU - Mohamed, Hania
AU - Koroniotis, Nickolaos
AU - Moustafa, Nour
AU - Schiliro, Francesco
AU - Zomaya, Albert Y.
N1 - Copyright the Author(s) 2024. Version archived for private and non-commercial use with the permission of the author/s and according to publisher conditions. For further rights please contact the publisher.
PY - 2025
Y1 - 2025
N2 - The proliferation of the Internet of Things (IoT) systems has fueled a surge in cybercrime, particularly through advanced persistent threats, such as botnets and ransomware, posing challenges for centralized Digital Forensics (DF) solutions in tracking decentralized attacks and ensuring data privacy. Despite these challenges, existing research has primarily focused on traditional DF methods, overlooking the unique demands of IoT environments. Federated Learning (FL) provides a promising solution for addressing these challenges by offering a privacy-preserving solution for detecting and investigating cyberattacks in IoT networks without compromising data privacy. However, the potential of FL in the context of IoT forensics remains largely unexplored. This paper bridges this gap by reviewing recent studies in IoT forensics and proposing a novel IoT Learning Forensics (IoT-LF) framework to detect and trace cyberattacks in IoT environments. In this framework, a multi-dimensional view of the environment, including telemetry, network, and application, is considered for data gathering. In addition, FL cycles are employed to automate the examination and analysis of these data during the investigation process. The feasibility and functionality of this framework are validated by a Proof of Concept, achieving a detection accuracy of approximately 81.69%, when trained on the TON-IoT dataset. Moreover, the research challenges, lessons learned, and future research solutions for applying FL for DF in an IoT environment are discussed.
UR - http://www.scopus.com/inward/record.url?scp=85210525793&partnerID=8YFLogxK
U2 - 10.1109/OJCOMS.2024.3492919
DO - 10.1109/OJCOMS.2024.3492919
M3 - Article
AN - SCOPUS:85210525793
SN - 2644-125X
VL - 6
SP - 3161
EP - 3191
JO - IEEE Open Journal of the Communications Society
JF - IEEE Open Journal of the Communications Society
ER -