History Management for Network Information of IoT Devices

  • Daeil Jang
  • Taeeun Kim
  • Hwankuk Kim
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 733)


In an Internet of Things (IoT) environment, forensics is commonly used to perform accident analysis through network communication data and the existing memory and logs in a device. Network traffic and memory are volatile data, however, and IoT device logs pose difficulties in information retrieval as opposed to a PC environment due to device and environmental constraints. To do this, we will discuss history management of network information to analyze an accident. History management can be performed on 13 items including IP, firmware version, port number, protocol, service version, and vulnerability information associated with it, and selection of the time and object of infringement can be done by using the Euclidean distance for changeable data.


IoT History management Network forensics 



This work was supported by Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2016-0-00193, IoT Security Vulnerabilities Search, Sharing and Testing Technology Development).


  1. 1.
    Wireshark: Wireshark Foundation.
  2. 2.
    Nmap Security Scanner.
  3. 3.
  4. 4.
    Censys: University of Michigan.
  5. 5.
    Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: Proceedings of the USENIX Security Symposium, August 2013Google Scholar
  6. 6.
    Xianping, G.: Pattern Matching in Financial Time Series Data (1998)Google Scholar
  7. 7.
    Keogh, E.: A fast and robust method for pattern matching in time-series databases. In: Proceedings of the 9th International Conference on Tools with Artificial Intelligence, pp. 578–584 (1997)Google Scholar
  8. 8.
    Keogh, E., Smyth, P.: A probabilistic approach to fast pattern matching in time series databases. In: The Third Conference on Knowledge Discovery in Database and Data Mining, pp. 24–30 (1997)Google Scholar
  9. 9.
    Wang, W., Yang, J., Yu, P.S.: Mining patterns in long sequential data with noise. ACM SIGKDD Explor. 2, 28–33 (2001)CrossRefGoogle Scholar
  10. 10.
    Ge, X., Smyth, P.: Deformable Markov model templates for time-series pattern matching. In: Proceedings of the 6th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Boston, MA, vol. 20, no. 23, pp. 81–90 (2000) Google Scholar
  11. 11.
    Malegaonkar, A., Ariyaeeinia, A., Sivakumaran, P., Fortuna, J.: Unsupervised speaker change detection using probabilistic pattern matching. IEEE Sig. Process. Lett. 13(8), 509–512 (2006)CrossRefGoogle Scholar
  12. 12.
    Khan, B.H.: A Framework for Web-Based Learning. Educational Technology Publications, Englewood Cliffs (2000)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Security Technology R&D2 Team, Korea Internet Security Agency, South KoreaNajuRepublic of Korea

Personalised recommendations