Machine Learning Based Non-intrusive Digital Forensic Service for Smart Homes

Publication Title

IEEE Transactions on Network and Service Management


Security and privacy concerns keep growing with the successful development of the Internet of Things (IoT) and the booming deployment of smart homes. IoT devices are used cooperatively to enable interactions between home surroundings and users’ daily lives, and they contain forensically valuable information about what happens in smart homes, which can help introduce digital forensics into smart homes to alleviate the growing concerns. However, current IoT devices, apps, and platforms usually do not provide built-in capabilities for digital forensics. To overcome this limitation, we propose a non-intrusive digital forensic service (i.e., one that requires no modification to IoT devices, apps, or platforms) to provide Forensics-as-a-Service (FaaS) for smart homes. First, it leverages side-channel analysis on sniffed network traffic to monitor commands, actions, and states of IoT devices. Then, it introduces provenance graphs (i.e., causal graphs) for smart home modeling to provide a holistic explanation of smart homes. Machine learning (ML) techniques are applied to overcome the deficiencies of a non-intrusive solution, which suffers from challenges in data collection and smart home modeling. Finally, it conducts forensic analysis based on scalable, reusable policies that are designed for graph-based smart home modeling. We implement a prototype of our forensic service and evaluate it in a real-world smart home. The evaluation results show that our forensic service can effectively collect forensic data for smart home modeling and conduct forensic analysis to explain security risks in smart homes.


Digital forensics, Internet of Things, machine learning, security service, smart home


IR Deposit conditions:

OA version (pathway a) Accepted version

No embargo

When accepted for publication, set statement to accompany deposit (see policy)

Must link to publisher version with DOI

Publisher copyright and source must be acknowledged