An AI-Based Network Forensic Readiness Framework for Resource-Constrained Environments


Research field: Safety



Conference: International Conference on Availability, Reliability and Security


Abstract

In recent years, the adoption of Internet of Things (IoT) devices has transformed industries and daily life. However, the integration of real-time services and internet connectivity increases the risk of attackers exploiting network vulnerabilities. Investigating such vulnerabilities in Resource-Constrained Environments (RCEs) poses challenges due to limited computational capacity, power constraints, and the heterogeneity of IoT-generated data and traffic. To address these issues, this study proposes a framework integrating optimised artificial intelligence models trained on the CICIoT2023 and CSE-CIC-IDS2018 datasets. A Docker-based simulation replicates constrained environments and captures network traffic in real time. The framework continuously monitors resources and dynamically selects the most suitable AI model for attack detection. Once an attack is detected, the system captures and preserves digitally signed critical forensic artefacts, categorised into system metadata, event/resource logs, network data, and processes. The AI-based framework aligns with ISO/IEC 27043:2015 Digital Forensic Readiness principles, automating many manual procedures and reducing both time and human effort. The quantitative evaluation demonstrates the effectiveness of the proposed network forensic readiness framework to address the specific challenges of RCEs.


Authors

Syed Rizvi: South East Technological University, Waterford, Ireland
Mark Scanlon: School of Computer Science, University College Dublin, D04 V1W8 Dublin, Ireland
Jimmy McGibney: South East Technological University, Waterford, Ireland

📄 Paper information

Publication year: 2025
Citations: 0
Country of publication: Ireland
Site: Springer