A Tensor-Based Forensics Framework for Virtualized Network Functions in the Internet of Things: Utilizing Tensor Algebra in Facilitating More Efficient Network Forensic Investigations

With the ever-increasing network traffic and Internet connectivity of smart devices, more attack events are being reported. As a result, network forensics remains a topic of ongoing research interest in the Internet of Things (IoT). In this article, we present a novel tensor-based forensics approach for virtualized network functions (VNFs). An event tensor model is proposed to formalize the network events, and then, it is used for effectively updating the core event tensor. We then introduce a similarity tensor model to integrate the core event tensors on the orchestration and management layer in the network function virtualization (NFV) framework. Finally, we present an evidence tensor model for network forensics, where we demonstrate how evidence tensors can be merged.