International Journal of Engineering Trends and Technology (IJETT) – Editor’s Issues - 2020 ISSN: 2231-5381 doi : 10.14445/22315381/CATI2P208 Page 52 An Epidemic Based Model for the Predictions of OOFI in an IoT Platform Mohammed Ibrahim, Mohd Taufik Abdullah, Azizol Abdullah, Thinagaran Perumal Faculty of Computer Science & Information Technology, Universiti Putra Malaysia, Selangor, Malaysia ABSTRACT Based on the notion that when a particular node is maliciously infected, there is probability of propagating such infections to other susceptible nodes in a network. This lead to the development of malware spreading models to predict the transmission rate, transmission parameters and the number of infected nodes per unit time. However, the emergence of Internet of Things (IoT) with strong base in both wired and wireless sensor network(WSN), predicting the spreading of malware infections is not the only source of concern for forensic analysis. Considering the heterogeneity and data volatility of IoT nodes, predicting the object of forensic interest (OOFI) in resource-constraint devices like sensor nodes as well as the diffusion of data among the neighboring nodes remain a critical issue for forensic analysis. From the concept of epidemic theory, a novel model is proposed called Susceptible-Infective-Recovered with Forensic (SIR-F) that can predict and isolate OOFI among various nodes in IoT network. The essence of introducing forensic mechanism is to ascertain the OOFI by predicting the responsible nodes holding the data of forensic interest. As such, SIR-F can timely enhance the process of identifying OOFI of the collection phase of digital forensic standard operating procedure (SOP). Keywords: Forensic, Internet of Things, Malware, Sensor. I. INTRODUCTION Internet of Things (IoT) as widely known combined the functions of both wired and wireless network technology that utilized sensor capability in exchange of data. Sensor nodes like other nodes on a network are prone to malware attacks, however, based on the notion that when a particular node is maliciously infected, there is a probability of propagating such infections to the neighborhood susceptible nodes. In this regard, malware propagation and malware spreading models are required to predict the transmission rate, transmission parameters and the number of infected sensor nodes per unit time in a given wireless sensor network (WSN). WSN as a fundamental network background of IoT was designed to transmit their observational values to processing/control center as well as a sink node that works as a user interface [1]. Nevertheless, as a result of narrow transmission range, sensor data that are generated distant away from the sink node must be pass along with the intermediate nodes [1]. This shows that source node transmits own data to their neighboring nodes, the neighboring nodes also transmit the data to their various neighboring nodes [1]. In addition, sensor nodes are resource-constrained, they are associated with low-power and limited-memory capability. As such, ascertaining the actual sensor nodes holding the data of forensic interest at the point of investigation remain critical. Therefore, embedding sensor nodes into IoT technology to capture and transmit data autonomously can further complicate the process of outsourcing and predicting object of forensic interest(OOFI). Moreover, in IoT, unlike in other network platforms,OOFI may not always be available or accessible at the point of investigation[2]. Similarly, evidence volatility in IoT remain an issue, data can be locally stored by a thing(device or node) but can later be overwritten/compressed using a lossy techniques [3]. Also, data from a thing can be transferred and consumed by another thing or a local ad-hoc network of things[3]. In some instances, it is likely to acquire the necessary data from the connected devices than from the primary embedded device [4]. Consequently, predicting the device(s) or node(s) holding the data of forensic interest is paramount for forensic analysis. Hence, we argued that besides developing model for malware propagation in sensor based IoT network, there is need for model of predicting OOFI which will likewise turn to predict devices or nodes holding the data of forensic interest. In recent time, various epidemic models [5], [6]were adopted and modify to predict the spreads of malware attacks in wireless sensor network. However, despite the weakness of the models in handling the spreading of malware attacks in IoT network, the epidemic models does not consider the prediction of OOFI in WSN for the