Conference Paper

Enhancing IoT Forensics through Deep Learning: Investigating Cyber-Attacks and Analyzing Big Data for Improved Security Measures

Abstract

This paper explores IoT (Internet of Things) forensics and how deep learning is improving the efficiency of digital investigations. With the exponential growth of IoT, effective security measures and protocols are necessary to protect against cyber risks and threats. However, IoT devices remain vulnerable to attacks, which leads to data breaches, loss of privacy, and other harmful consequences. IoT forensics investigates and analyzes digital evidence related to IoT devices in order to identify the source of a cyber-attack. This paper discusses the fundamentals of IoT forensics and the important role it plays in cybersecurity. Furthermore, it explores the different kinds of IoT datasets and how the analysis of big data can be automated using deep learning, which also helps to identify potential sources of evidence and construct predictive models to prevent future attacks. The paper also presents experiments with two deep learning models, LSTM and RNN, on binary, 6-class, and 15-class classification. Evaluation metrics including precision, recall, F1-score, and ROC are used, allowing investigators to objectively evaluate the forensic model’s effectiveness. The findings were compared with those of the Edge-IIoTset dataset developers, who used deep neural networks (DNNs), and the RNN model with the given architecture was found to perform best on the dataset.

... A comparative analysis, as detailed in Table 7, situates the ensemble model within the context of recent advancements, delineating its standing against contemporary architectures in the field. In the binary classification domain, CNN-LSTM-GRU achieved parity with the unassailable accuracy of its peers, where models such as CNN-LSTM [35], VGG-16 [36], and RNN [39] also have perfect scores. This uniform excellence across models underscores a maturing understanding and effective handling of binary classification tasks in the IoT security domain. ...
... This is a commendable achievement, especially when juxtaposed with DeepAK-IoT [37] and Inception Time [34], which represent the upper echelon of performances in this category. Notably, CNN-LSTM-GRU showed marked superiority over LNKDSEA [38] and RNN [39], underscoring the efficacy of the ensemble approach in managing the increased complexity of fine-grained classifications. ...
... The CNN component of our ensemble model is primarily responsible for spatial feature extraction. Unlike traditional models such as the DNN [33] and RNN [39], which may lack depth in feature extraction, the CNN layers in our model provide a comprehensive analysis of the input data's spatial characteristics. This is evident in the binary classification results, where our model matches the perfect accuracy of the CNN-LSTM [35] and the VGG-16 [36], which are known for their strong feature extraction capabilities. ...
Article
In the evolving landscape of Internet of Things (IoT) and Industrial IoT (IIoT) security, novel and efficient intrusion detection systems (IDSs) are paramount. In this article, we present a groundbreaking approach to intrusion detection for IoT-based electric vehicle charging stations (EVCS), integrating the robust capabilities of convolutional neural network (CNN), long short-term memory (LSTM), and gated recurrent unit (GRU) models. The proposed framework leverages a comprehensive real-world cybersecurity dataset, specifically tailored for IoT and IIoT applications, to address the intricate challenges faced by IoT-based EVCS. We conducted extensive testing in both binary and multiclass scenarios. The results are remarkable, demonstrating a perfect 100% accuracy in binary classification, an impressive 97.44% accuracy in six-class classification, and 96.90% accuracy in fifteen-class classification, setting new benchmarks in the field. These achievements underscore the efficacy of the CNN-LSTM-GRU ensemble architecture in creating a resilient and adaptive IDS for IoT infrastructures. The ensemble algorithm, accessible via GitHub, represents a significant stride in fortifying IoT-based EVCS against a diverse array of cybersecurity threats.
... Even a comparative analysis (Table 7) over these tables with the state of art architectures in recent times to prove its mettle above others. The unavailable accuracies of its peers in the binary classification domain, The achieved parity with not only CNN-LSTM [35], and VGG-16 [36] but RNN [39] as-well-all scored a perfect 10 are printed in Table 1. These same success rates, nearly universal across all channels, highlight a volume and development level of the challenge/technique binary classification task inside IoT security. ...
... The CNNs are used for spatial feature extraction, mostly required for our ensemble model. In contrast to the conventional DNN [33] and RNN [39] as basic models which can not seize overall spatial information about input data, our model using CNN layers captures entire dimensions of multi-channel time sequences. This is because our model captures perfect accuracy in the binary classification, since it contributes well for feature extraction and hence matches with CNN-LSTM [35] and VGG-16 [36]. ...
Article
The recent frame of IoT and Industrial IoT security brings new type of intrusion detection systems. We propose a new method for Intrusion Detection in IoT based EVCS with the integration of Convolutional Neural Network, Long Short-term Memory model and Gated Recurrent Unit. This work uses a naturally pervasive, and representative real-world security focusing on IoT typical applications to address the capillary layer inherent challenges (e.g. at each EVCS vs through IT infrastructure as compared peripheral equipment). We have tested this both with Binary and Multiclass exhaustively. The benchmarks are perfectly accurate (100 % binary class, 97.44% six-class classification and near ~96/90%% in fifteen classes that certainly sets a new bar for the going forward!) Collectively, the entire ensemble architecture demonstrates a scalable high performance mean so again this ways these accomplishments certify that CNN-LSTM-GRU-based complex models can be used in space-strapped and processing constrained Intrusion Detection system for IoT to perform consistently robust. The ensemble algorithm, which is open sourced on the GitHub under our simulation framework codebase also represents a significant improvement in securing Internet of Things based EVCS from various cyber security threats.
Conference Paper
Digital forensic investigation is a systematic process for identifying, preserving, collecting, analyzing, and presenting digital evidence in court. Chain-of-custody (CoC) is crucial, ensuring the evidence's integrity and admissibility. Blockchain technology, with its characteristics of openness, decentralization, and immutable ledger, offers enhanced security and transparency for maintaining digital evidence during forensic investigations. This paper presents the CustodyChainGuardian (CCG) framework, a multi-layered methodology designed to ensure the integrity, authenticity, and traceability of digital evidence throughout its lifecycle. The four-layer architecture includes the Front-end Layer, Cloud Layer, Database Layer, and Blockchain Layer. The Front-end Layer provides a user-friendly interface for evidence submission and management, while the Cloud Layer offers robust storage and backup capabilities. The Database Layer stores original digital evidence with unique identifiers and strict access control. The Blockchain Layer introduces immutability and transparency to the chain-of-custody. Rigorous experimentation validates the system's effectiveness and reliability.
Article
The IoT’s quick development has brought up several security problems and issues that cannot be solved using traditional intelligent systems. Deep learning (DL) in the field of artificial intelligence (AI) has proven to be efficient, with many advantages that can be used to address IoT cybersecurity concerns. This study trained two models of intelligent networks—namely, DenseNet and Inception Time—to detect cyber-attacks based on a multi-class classification method. We began our investigation by measuring the performance of these two networks using three datasets: the ToN-IoT dataset, which consists of heterogeneous data; the Edge-IIoT dataset; and the UNSW2015 dataset. Then, the results were compared by identifying several cyber-attacks. Extensive experiments were conducted on standard ToN-IoT datasets using the DenseNet multicategory classification model. The best result we obtained was an accuracy of 99.9% for Windows 10 with DenseNet, but by using the Inception Time approach we obtained the highest result for Windows 10 with the network, with 100% accuracy. As for using the Edge-IIoT dataset with the Inception Time approach, the best result was an accuracy of 94.94%. The attacks were also assessed in the UNSW-NB15 database using the Inception Time approach, which had an accuracy rate of 98.4%. Using window sequences for the sliding window approach and a six-window size to start training the Inception Time model yielded a slight improvement, with an accuracy rate of 98.6% in the multicategory classification.
Article
In recent years, mobile edge computing (MEC) has become a research hotspot in academia. The Internet of Things (IoT) is an excellent way to build the infrastructure required for a MEC environment. Its rich digital tracking repository can provide insights into people's daily activities at home and elsewhere. Meanwhile, due to the open connectivity of the Internet of things devices, they can easily become the target of network attacks and be used by criminals as criminal tools. As a result, civil and criminal cases have increased year by year. This article conducts in-depth research on IoT forensics. By comparing its difference with traditional digital forensics (DF), the definition of IoT forensics is given. We have systematically sorted out the research results since the concept of IoT forensics was proposed in 2013 and proposed a generalized IoT forensics model. By studying blockchain technology and introducing it into the IoT forensics framework, a blockchain-based IoT forensics architecture is further proposed. Further, an alliance chain IoT forensics system is proposed. From the perspective of the data provider and the data visitor, the process of evidence storage and forensics of the IoT system is discussed. Finally, taking Unmanned Aerial Vehicle (UAV) forensics as an example, we give an experiment of IoT forensics analysis.
Article
In this paper, we propose a new comprehensive realistic cyber security dataset of IoT and IIoT applications, called Edge-IIoTset, which can be used by machine learning-based intrusion detection systems in two different modes, namely, centralized and federated learning. Specifically, the dataset has been generated using a purpose-built IoT/IIoT testbed with a large representative set of devices, sensors, protocols and cloud/edge configurations. The IoT data are generated from various IoT devices (more than 10 types) such as Low-cost digital sensors for sensing temperature and humidity, Ultrasonic sensor, Water level detection sensor, pH Sensor Meter, Soil Moisture sensor, Heart Rate Sensor, Flame Sensor, etc.). Furthermore, we identify and analyze fourteen attacks related to IoT and IIoT connectivity protocols, which are categorized into five threats, including, DoS/DDoS attacks, Information gathering, Man in the middle attacks, Injection attacks, and Malware attacks. In addition, we extract features obtained from different sources, including alerts, system resources, logs, network traffic, and propose new 61 features with high correlations from 1176 found features. After processing and analyzing the proposed realistic cyber security dataset, we provide a primary exploratory data analysis and evaluate the performance of machine learning approaches (i.e., traditional machine learning as well as deep learning) in both centralized and federated learning modes. The Edge-IIoTset dataset can be publicly accessed from http://ieee-dataport.org/8939 .
Article
The versatility of IoT devices increases the probability of continuous attacks on them. The low processing power and low memory of IoT devices have made it difficult for security analysts to keep records of various attacks performed on these devices during forensic analysis. The forensic analysis estimates how much damage has been done to the devices due to various attacks. In this paper, we have proposed an intelligent forensic analysis mechanism that automatically detects the attack performed on IoT devices using a machine-to-machine (M2M) framework. Further, the M2M framework has been developed using different forensic analysis tools and machine learning to detect the type of attacks. Additionally, the problem of an evidence acquisition (attack on IoT devices) has been resolved by introducing a third-party logging server. Forensic analysis is also performed on logs using forensic server (security onion) to determine the effect and nature of the attacks. The proposed framework incorporates different machine learning (ML) algorithms for the automatic detection of attacks. The performance of these models is measured in terms of accuracy, precision, recall, and F1 score. The results indicate that the decision tree algorithm shows the optimum performance as compared to the other algorithms. Moreover, comprehensive performance analysis and results presented validate the proposed model.
Article
In the digital forensics discipline, the lack of comprehensive research that addresses investigative challenges and opportunities for newer mobile Operating Systems (OSs) such as Android and iOS keeps continuing. These two OSs are currently widely operated by millions of smartphones and used by millions of users; therefore, forensic investigators need to be prepared to analyze these OSs during an investigation giving consideration to mobile app updates. The current research efforts focus on the forensic analysis of individual applications of certain OSs. In this study, we conducted a detailed forensic investigation of both Android and iOS OSs to (1) elucidate their structures for investigators, (2) identify pertinent forensic artifacts, (3) highlight any privacy and security concerns in popular applications present on both OSs, and (4) validate the forensic investigation on the selected tools for reproducibility and verification purposes. This work aims to analyze 27 Android and 33 iOS mobile applications comprehensively.
Article
Cyber attackers exploit a network of compromised computing devices, known as a botnet, to attack Internet-of-Things (IoT) networks. Recent research works have recommended the use of Deep Recurrent Neural Network (DRNN) for botnet attack detection in IoT networks. However, for high feature dimensionality in the training data, high network bandwidth and a large memory space will be needed to transmit and store the data, respectively in IoT back-end server or cloud platform for Deep Learning (DL). Furthermore, given highly imbalanced network traffic data, the DRNN model produces low classification performance in minority classes. In this paper, we exploit the joint advantages of Long Short-Term Memory Autoencoder (LAE), Synthetic Minority Oversampling Technique (SMOTE), and DRNN to develop a memory-efficient DL method, named LS-DRNN. The effectiveness of this method is evaluated with the Bot-IoT dataset. Results show that the LAE method reduced the dimensionality of network traffic features in the training set from 37 to 10, and this consequently reduced the memory space required for data storage by 86.49%. SMOTE method helped the LS-DRNN model to achieve high classification performance in minority classes, and the overall detection rate increased by 10.94%. Furthermore, the LS-DRNN model outperformed state-of-the-art models.
Article
Advancement of information and communication techniques have led to share big amount of information which is increasing day by day through online activities and creating new added value over the internet services. At the same time threats to the security of cyber world has been increased with increasing number of heterogeneous connection points having powerful computational capacity. Internet being used to interact and control such automatic network devices connected to it. But hackers/crackers can exploit this network environment by putting malicious dummy node(s) or machine(s) called Botnet(s) to co-ordinate the attacks on security such as Denial of Service (DoS) or Distributed Denial of Service (DDoS). The proposed method attempts to identify those malicious Botnet traffic from regular traffic using novel deep learning approaches like Artificial Neural Networks (ANN), Gated Recurrent Units (GRU), Long or Short Term Memory (LSTM) model. The proposed model demonstrates significant improvement of all previous works. The testing dataset, Bot-IoT dataset is the latest and one of the largest public domain dataset used to justify improvement. Testing shows 99.7% classification accuracy which is precise and better than all previous works done. Results analysis and comparison shows the accuracy and supremacy over the latest work done on this field.
Article
New smartphones made by small companies enter the technology market everyday. These new devices introduce new challenges for mobile forensic investigators as these devices end up becoming pertinent evidence during an investigation. One such device is the PinePhone from Pine Microsystems (Pine64). These new devices are sometimes also shipped with OSes that are developed by open source communities and are otherwise never seen by investigators. Ubuntu Touch is one of these OSes and is currently being developed for deployment on the PinePhone. There is little research behind both the device and OS on what methodology an investigator should follow to reliably and accurately extract data. This results in potentially flawed methodologies being used before any testing can occur and contributes to the backlog of devices that need to be processed. Therefore, in this paper, the first forensic analysis of the PinePhone device with Ubuntu Touch OS is performed using Autopsy, an open source tool, to establish a framework that can be used to examine and analyze devices running the Ubuntu Touch OS. The findings include analysis of artifacts that could impact user privacy and data security, organization structure of file storage, app storage, OS, etc. Moreover, locations within the device that stores call logs, SMS messages, images, and videos are reported. Interesting findings include forensic artifacts, which could be useful to investigators in understanding user activity and attribution. This research will provide a roadmap to the digital forensic investigators to efficiently and effectively conduct their investigations where they have Ubuntu Touch OS and/or PinePhone as the evidence source.
Chapter
This chapter provides an overview of research opportunities and issues in IoT forensics. It gives a quick introduction to forensics and digital forensics. Key specifics of IoT forensics are explained. Issues that arise from IoT related challenges in all phases of a forensic investigation are presented. Some opportunities that IoT brings to forensics are pointed out. An example of an IoT forensics case is provided. A detailed research overview is given, providing information on the main research directions with a brief overview of relevant papers. The chapter concludes with some ideas for future research.
Chapter
The pursuit of cybercrime in an IoT environment often requires complex investigations where the traditional digital forensics methodology may struggle to support the forensics investigators. This is due to the nature of the technologies such as RFID, sensors and cloud computing, used in IoT environments together with the huge volume and heterogeneous information and borderless cyber infrastructure, rising new challenges in modern digital forensics. In the last few years, many researches have been conducted discussing the challenges facing digital forensic investigators and the impact of these challenges bring upon the field. Some of these challenges include the ambiguity of data location, data acquisition, diversity of devices, various data types, volatility of data and the lack of adequate forensics tools. Moreover, while there are many technical challenges in IoT forensics, there are also non-technical challenges such as determining what are IoT devices, how to forensically acquire data and secure the chain of custody among other unexplored areas, including resources required for training or the type of applied forensics tools. A profound understanding of the challenges found in the literature will help the researchers in identifying future research directions and provide some guidelines to support forensics investigators. This study presents a succinct overview of IoT forensics challenges focusing on a typical smart home investigation and a comparison of the existing frameworks to conduct forensics investigations in the IoT environment.
Article
IoT networks are increasingly popular nowadays to monitor critical environments of different nature, significantly increasing the amount of data exchanged. Due to the huge number of connected IoT devices, security of such networks and devices is therefore a critical issue. Detection systems assume a crucial role in the cyber-security field: based on innovative algorithms such as machine learning, they are able to identify or predict cyber-attacks, hence to protect the underlying system. Nevertheless, specific datasets are required to train detection models. In this work we present MQTTset, a dataset focused on the MQTT protocol, widely adopted in IoT networks. We present the creation of the dataset, also validating it through the definition of a hypothetical detection system, by combining the legitimate dataset with cyber-attacks against the MQTT network. Obtained results demonstrate how MQTTset can be used to train machine learning models to implement detection systems able to protect IoT contexts.
Article
Although the Internet of Things (IoT) can increase efficiency and productivity through intelligent and remote management, it also increases the risk of cyber-attacks. The potential threats to IoT applications and the need to reduce risk have recently become an interesting research topic. It is crucial that effective Intrusion Detection Systems (IDSs) tailored to IoT applications be developed. Such IDSs require an updated and representative IoT dataset for training and evaluation. However, there is a lack of benchmark IoT and IIoT datasets for assessing IDSs-enabled IoT systems. This paper addresses this issue and proposes a new data-driven IoT/IIoT dataset with the ground truth that incorporates a label feature indicating normal and attack classes, as well as a type feature indicating the sub-classes of attacks targeting IoT/IIoT applications for multi-classification problems. The proposed dataset, which is named TON_IoT, includes Telemetry data of IoT/IIoT services, as well as Operating Systems logs and Network traffic of IoT network, collected from a realistic representation of a medium-scale network at the Cyber Range and IoT Labs at the UNSW Canberra (Australia). This paper also describes the proposed dataset of the Telemetry data of IoT/IIoT services and their characteristics. TON_IoT has various advantages that are currently lacking in the state-of-the-art datasets: i) it has various normal and attack events for different IoT/IIoT services, and ii) it includes heterogeneous data sources. We evaluated the performance of several popular Machine Learning (ML) methods and a Deep Learning model in both binary and multi-class classification problems for intrusion detection purposes using the proposed Telemetry dataset. INDEX TERMS Internet of Things (IoT), Industrial Internet of Things (IIoT), cybersecurity, intrusion detection systems (IDSs), dataset.
Article
Internet of Things (IoT) are becoming commonplace in homes, buildings, cities, and nations, and IoT networks are also getting more complex and interconnected. The complexity, interconnectivity, and heterogeneity of IoT systems, however, complicate digital (forensic) investigations. The challenge is compounded due to the lack of holistic and standardized approaches. Hence, building on the ISO/IEC 27043 international standard, we present a holistic digital forensic readiness (DFR) framework. We also qualitatively evaluate the utility of the proposed DFR framework.
Article
The rapid development in 5G cellular and IoT technologies is expected to be deployed widespread in the next few years. At the same time, crime rates are also increasing to a greater extent while the investigation officers are held responsible to deal with a broad range of cyber and internet issues in investigations. Therefore, advanced IT technologies and IoT devices can be deployed to ease the investigation process, especially, the identification of suspects. At present, only a few research works has been conducted upon deep learning-based Face Sketch Synthesis (FSS) models, concerning its success in diverse application domains including conventional face recognition. This paper proposes a new IoT-enabled Optimal Deep Learning based Convolutional Neural Network (ODL-CNN) for FSS to assist in suspect identification process. The hyper parameter optimization of the DL-CNN model was performed using Improved Elephant Herd Optimization (IEHO) algorithm. In the beginning, the proposed method captures the surveillance videos using IoT-based cameras which are then fed into the proposed ODL-CNN model. The proposed method initially involves preprocessing in which the contrast enhancement process is carried out using Gamma correction method. Then, the ODL-CNN model draws the sketches of the input images following which it undergoes similarity assessment, with professional sketch being drawn as per the directions from eyewitnesses. When the similarity between both the sketches are high, the suspect gets identified. A comprehensive qualitative and quantitative examination was conducted to assess the effectiveness of the presented ODL-CNN model. A detailed simulation analysis pointed out the effective performance of ODL-CNN model with maximum average Peak Signal to Noise Ratio (PSNR) of 20.11dB, Average Structural Similarity (SSIM) of 0.64 and average accuracy of 90.10%.
Article
Internet of Things is rapidly changing the human lives to bring convenience in domestic, public and industrial environments spanning across multiple application domains. At the same time, increasing security attacks on these networks raised alarms for timely response by forensic investigators to avoid severe consequences of the attacks. Major network forensic approaches proposed so far for IoT are based on recording and analyzing the network traffic to produce suitable evidences. One of the greatest challenges in this process is the identification and correlation of suitable artifacts among volumes of network packets to reconstruct the attack scenarios during forensic investigation. To address this challenge, we propose ProvNet-IoT, a novel provenance based forensic model for investigating network level attacks in IoT environment. The interactions between different nodes at network layer are depicted using information, functional, and event modeling techniques. We use progressive network provenance to explain different events pertaining to various attack scenarios and to provide forensically sound evidences. ProvNet-IoT is validated using two publicly available labeled IoT datasets with a corpus of different attacks. Experimental results showed the benchmark performance of ProvNet-IoT in identifying selective artifacts to produce reliable evidences during forensic investigation.
Article
Deep Learning (DL) is an efficient method for botnet attack detection. However, the volume of network traffic data and memory space required is usually large. It is, therefore, almost impossible to implement the DL method in memory-constrained IoT devices. In this paper, we reduce the feature dimensionality of large-scale IoT network traffic data using the encoding phase of Long Short-Term Memory Autoencoder (LAE). In order to classify network traffic samples correctly, we analyse the long-term interrelated changes in the low-dimensional feature set produced by LAE using deep Bidirectional Long Short-Term Memory (BLSTM). Extensive experiments are performed with the BoT-IoT dataset to validate the effectiveness of the proposed hybrid DL method. Results show that LAE significantly reduced the memory space required for large-scale network traffic data storage by 91.89%, and it outperformed state-of-the-art feature dimensionality reduction methods by 18.92 − 27.03%. Despite the significant reduction in feature size, the deep BLSTM model demonstrates robustness against model under-fitting and over-fitting. It also achieves good generalisation ability in binary and multi-class classification scenarios.
Article
With the prevalence of Internet of Things (IoT) systems, inconspicuous everyday household devices are connected to the Internet, providing automation and real-time services to their users. In spite of their light-weight design and low power, their vulnerabilities often give rise to cyber risks that harm their operations over network systems. One of the key challenges of securing IoT networks is tracing sources of cyber-attack events, along with obfuscating and encrypting network traffic. This study proposes a new network forensics framework, called a Particle Deep Framework (PDF), which describes the digital investigation phases for identifying and tracing attack behaviours in IoT networks. The proposed framework includes three new functions: (1) extracting network data flows and verifying their integrity to deal with encrypted networks; (2) utilising a Particle Swarm Optimization (PSO) algorithm to automatically adapt parameters of deep learning; and (3) developing a Deep Neural Network (DNN) based on the PSO algorithm to discover and trace abnormal events from IoT network of smart homes. The proposed PDF is evaluated using the Bot-IoT and UNSW_NB15 datasets and compared with various deep learning techniques. Experimental results reveal a high performance of the proposed framework for discovering and tracing cyber-attack events compared with the other techniques.
Article
The proliferation of IoT systems has seen them targeted by malicious third parties. To address this challenge, realistic protection and investigation countermeasures, such as network intrusion detection and network forensic systems, need to be effectively developed. For this purpose, a well-structured and representative dataset is paramount for training and validating the credibility of the systems. Although there are several network datasets, in most cases, not much information is given about the Botnet scenarios that were used. This paper proposes a new dataset, so-called Bot-IoT, which incorporates legitimate and simulated IoT network traffic, along with various types of attacks. We also present a realistic testbed environment for addressing the existing dataset drawbacks of capturing complete network information, accurate labeling, as well as recent and complex attack diversity. Finally, we evaluate the reliability of the BoT-IoT dataset using different statistical and machine learning methods for forensics purposes compared with the benchmark datasets. This work provides the baseline for allowing botnet identification across IoT-specific networks. The Bot-IoT dataset can be accessed at Bot-iot (2018) [1].