A New Network Digital Forensics Approach for Internet of Things Environment Based on Binary Owl Optimizer

The Internet of Things (IoT) is widespread in our lives these days (e.g., Smart homes, smart cities, etc.). Despite its significant role in providing automatic real-time services to users, these devices are highly vulnerable due to their design simplicity and limitations regarding power, CPU, and memory. Tracing network traffic and investigating its behavior helps in building a digital forensics framework to secure IoT networks. This paper proposes a new Network Digital Forensics approach called (NDF IoT). The proposed approach uses the Owl optimizer for selecting the best subset of features that help in identifying suspicious behavior in such environments. The NDF IoT approach is evaluated using the Bot IoT UNSW dataset in terms of detection rate, false alarms, accuracy, and f-score. The approach being proposed has achieved 100% detection rate and 99.3% f-score and outperforms related works that used the same dataset while reducing the number of features to three features only.