IoT-CAD: a comprehensive digital forensics dataset for AI-based cyberattack attribution detection methods in IoT environments

Hania Mohamed*, Nickolaos Koroniotis, Francesco Schiliro, Nour Moustafa

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Tracing and identifying attack characteristics, known as Cyberattack Attribution Detection (CAD), is in its early stages. It requires utilizing Deep Learning (DL) techniques to scan multiple devices to identify cyberattacks and detect their attributes effectively in IoT environments. Training and validation of these techniques require comprehensive datasets generated from heterogeneous data sources. However, there is a lack of high-quality and diverse IoT-based datasets involving cyberattack attributes. In this paper, a testbed and novel Internet of Things (IoT) forensics dataset suitable for CAD, called IoT-CAD, are introduced. The proposed dataset focuses on obtaining traces from Windows and Linux operating systems to encompass a plethora of sources, such as memory information, hard drives, processes, system calls, and network traffic. It incorporates traces from many IoT devices and realistic attack scenarios to ensure its relevance and applicability to real-world situations. After collecting, processing and analyzing the dataset, it is evaluated using Machine Learning (ML), Digital Forensics (DF), and Explainable AI (X-AI) techniques. The learning evaluation involves two approaches: Centralized learning for cyberattack detection; and Federated Learning (FL) for CAD. Also, network forensics is employed to investigate the network traffic to ensure that the dataset is realistic and accurately represents attack scenarios. Furthermore, X-AI techniques are used to assess the impact and contribution of each feature on the performances of the ML models, thus justifying the data features presented. This work can be considered a baseline for CAD methods in IoT environments. The dataset can be downloaded from https://shorturl.at/zLDG6.

Original language: English
Article number: 103840
Pages (from-to): 1-19
Number of pages: 19
Journal: Ad Hoc Networks
Volume: 174
Publication status: Published - 1 Jul 2025

Bibliographical note

Copyright the Author(s) 2025. Version archived for private and non-commercial use with the permission of the author/s and according to publisher conditions. For further rights please contact the publisher.

Keywords

  • Internet of Things
  • Digital Forensics
  • IoTCAD
  • Forensics dataset
  • APT attacks
