Botnet attack investigation on Geography of Things (GoT) using INSPECT approach

The breakneck speed of Internet of Things (IoT) is continually growing with 5G networks to add new connected devices. Hackers make use of this IoT explosion as a perfect chance to launch attacks especially by building botnet army. There had been lot of research over the decade in detecting and investigating the Distributed Denial of Service (DDoS) attacks. This paper was aimed at the presentation of a cloud based forensic investigation framework that can adaptively acquire attack evidences from IoT environment. The investigation model is called INSPECT that worked in cloud data storageto acquire corresponding evidences of the DDoS attack launched on IoT. The model optimally selected and exploited the forensic fields alone from the vast cloud data logs in order to find the source of attack and to report dynamic chain of custody. As a continuous effort, an experimental setup was built with IoT Geo-spatial devices to launch DDoS attack scenario and investigation performed with contextual initialization based evidence acquisition. Significant progress was observed by isolating the trustworthy evidence data to avert any deliberate modification by attackers and presenting the chain of custody. The work provided way for the law enforcement authority to explore and reconstruct the crime scene using virtual machine snapshots with corresponding timestamp data. Experimental results revealed the high level of accuracy in the investigation of IoT data secured in the multitenant cloud.