A Multi-Source Deep Learning and Swarm Intelligence Framework for Secure and Interpretable IoT Forensic Analysis

With the rapid proliferation of Internet-of-Things(IoT) devices in diverse domains, securing IoT ecosystems has risen to an urgent problem because of the heterogeneity and vulnerabilities to cyber-attacks associated with these devices. Typical security and forensic models are unable to comprehend the changed, complex device behaviors and multi-source evidence, leading to mistimed and/or inaccurate indicators of threat. This study proposes a new multi-source IoT forensic framework that includes Deep Learning (DL) and swarm intelligence that models device behaviors, detects anomalies, and provides actionable forensic analysis through the thoughtful consideration of multi-source evidence. The framework has a hybrid CNN-LSTM(Convolutional Neural Network-Long Short-term Memory) architecture to extract spatial-temporal features, where both deep learning and swarm intelligence optimization strategies are applied as hyperparameter tuning and feature selection, along with multi-modal evidence fusion to correlate data across several sources of evidence. Experiments simulating attacks using the TON-IoT data set show its superior performance, with an accuracy of 99.62%, precision of 99.41%, recall of 99.83%, F1-Score of 99.62%, MCC of 0.996, and AUC-ROC of 0.998. The findings posit that our framework demonstrated more ability versus baselines, including Random Forest(RF), LSTM, and Autoencoder(AE). The research findings assert that our framework is reliable, interpretable, and efficient for conducting forensic analysis, which can expedite cybersecurity measures through a timely, equitable, and reliable method for IoT analysis processing.