Future Defence Booklet | Page 72

FUTURE DEFENCE AND SECURITY
Key capabilities
> Developing machine learning algorithms to extract evidence from encrypted IoT traffic
> Building an IoT device signature database for forensics applications
> Conducting systematic empirical study to characterise information for forensic evidence
Differentiators
> A web-based dashboard that provides an interactive infographic representation of the devices under monitoring
> Passive monitoring and identification of IoT devices from encrypted traffic
> A database of IoT devices containing encrypted IoT traffic flows and signatures corresponding to different device activities and behaviours
Key customers
> Law enforcement agencies can use this prototype / method to passively monitor a building space and track devices belonging to a person of interest
> Defence, government or law enforcement users do not require network administrator or ISP cooperation or credentials, and do not risk detection
Key partnerships
> DSTG
> AFP
> University of Sydney
Quality accreditations and awards
> Research paper accepted at the 49th IEEE Conference on Local Computer Networks (LCN), 2024, France
> Demo paper accepted at the 38th ACM Special Interest Group on Data Communication (SIGCOMM), 2024, Sydney

IoT Network Forensics using Encrypted Traffic Analytics

A unified framework for encrypted traffic analytics (ETA) to extract useful forensic evidence from IoT devices
Research Project
By 2025, it is estimated there will be more than 30 billion smart devices embedded in the physical world. This network of smart devices, known as the ‘Internet of Things’ (IoT), is driving new services and applications across many disciplines.
IoT devices often lack user interfaces, making them hard to access. Their miniaturised nature and infrequent communication make them difficult to locate. The diverse and unregulated market means analysts often encounter unfamiliar devices.
Despite end-to-end encryption, passive forensic evidence collection is possible. This research project has developed a new passive WiFi device-type identification method that uses features from probe request frame bodies. This approach creates device signatures that are unaffected by MAC address randomisation.
Extensive testing revealed an average accuracy of 99% in device-type identification. The proposed method outperforms deep learning methods with significantly less training data, achieving a 92% F1 score with only one training sample per device type.
unsw.to/rahat-masood
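To illustrate why a signature built from the probe request body survives MAC address randomisation, here is an added example (not the project's code) that parses the information elements of a probe request into a device signature while ignoring the source MAC. The frame layout follows 802.11 management frames; the IE contents and the two "device models" are constructed sample data, not real device fingerprints.

```python
import hashlib
import struct

# Assumed frame layout: 24-byte 802.11 management header, then a body made of
# information elements (IEs) encoded as tag (1 byte) | length (1 byte) | value.
HDR_LEN = 24
SSID_TAG = 0  # the SSID names the probed network, not the device, so it is skipped

def parse_ies(body: bytes) -> list[tuple[int, bytes]]:
    """Walk the TLV-encoded IEs, rejecting truncated elements and trailing bytes."""
    ies, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated IE {tag} at offset {i}")
        ies.append((tag, value))
        i += 2 + length
    if i != len(body):
        raise ValueError("trailing bytes after last IE")
    return ies

def source_mac(frame: bytes) -> str:
    """Address 2 (the transmitter) occupies bytes 10..15 of the header."""
    return ":".join(f"{b:02x}" for b in frame[10:16])

def is_randomised(mac: str) -> bool:
    """Randomised MACs set the locally administered bit (0x02) of the first octet."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def device_signature(frame: bytes) -> str:
    """Hash the IE tag order plus the bytes of every non-SSID IE; the MAC is ignored."""
    ies = parse_ies(frame[HDR_LEN:])
    h = hashlib.sha256(bytes(tag for tag, _ in ies))  # tag order is itself a feature
    for tag, value in ies:
        if tag != SSID_TAG:
            h.update(struct.pack("BB", tag, len(value)) + value)
    return h.hexdigest()[:16]

def build_probe_request(src: bytes, ssid: bytes, ies: list[tuple[int, bytes]]) -> bytes:
    """Constructed frame: frame control 0x0040 (probe request), broadcast DA and BSSID."""
    hdr = struct.pack("<HH", 0x0040, 0) + b"\xff" * 6 + src + b"\xff" * 6 + b"\x00\x00"
    body = b"".join(struct.pack("BB", t, len(v)) + v for t, v in [(SSID_TAG, ssid)] + ies)
    return hdr + body

# Constructed IE sets standing in for two device models: supported rates (1),
# HT capabilities (45), extended supported rates (50), extended capabilities (127).
MODEL_A = [(1, b"\x82\x84\x8b\x96\x0c\x12\x18\x24"), (45, b"\x2d\x01\x17\xff"), (127, b"\x00\x00\x08")]
MODEL_B = [(1, b"\x82\x84\x8b\x96"), (50, b"\x0c\x12\x18\x24"), (45, b"\xef\x11\x17\xff")]
```

Two frames from the same model with different randomised MACs and different SSIDs produce the same signature, while a different IE set produces a different one.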