Abstract

Sustained Internet of Things (IoT) deployment and functioning are heavily reliant on the use of effective data communication protocols. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is popular. Cyber security threats against the MQTT protocol are anticipated to increase in step with its increasing use by IoT manufacturers. In particular, IoT is vulnerable to protocol-based Application layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruption in legacy systems. In this paper, we propose an Application layer DoS attack detection framework for the MQTT protocol and test the scheme on legitimate and protocol-compliant DoS attack scenarios. To protect the MQTT message brokers from such attacks, we propose a machine learning-based detection framework developed for the MQTT protocol. Through experiments, we demonstrate the impact of such attacks on various MQTT brokers and evaluate the effectiveness of the proposed framework in detecting these malicious attacks. The results obtained indicate that the attackers can overwhelm the server resources even when legitimate access was denied to MQTT brokers and resources have been restricted. In addition, the MQTT features we have identified showed high attack detection accuracy. The field size and length-based features drastically reduced the false-positive rates and are suitable for detecting IoT-based attacks.

Highlights

  • Critical infrastructures (CIs) are increasingly aiming to improve their efficiencies to deliver services to their stakeholders, with the Internet of Things (IoT) promising to provide significant opportunities for improving various CI processes for industries and consumers alike

  • The steps followed in the detection framework to classify Message Queuing Telemetry Transport (MQTT) traffic are illustrated in Figure 3, and the three classifiers adopted in MQTT attack detection are discussed below. Average One-Dependence Estimator (AODE) classifier (Webb et al., 2005): the AODE classifier is a variant of the Naïve Bayes classifier that estimates the probability of the class of each output variable $Y$ given a set of input features $x_1, \ldots, x_n$

  • The effectiveness of the proposed feature set was validated using three fundamentally different machine learning algorithms, namely AODE based on Naïve Bayes, C4.5 based on Decision Trees, and Multi-Layer Perceptron (MLP) based on an artificial neural network (ANN)


Summary

Introduction

Critical infrastructures (CIs) are increasingly aiming to improve their efficiencies to deliver services to their stakeholders, with the Internet of Things (IoT) promising to provide significant opportunities for improving various CI processes for industries and consumers alike. The message broker plays an important role in MQTT as it decouples the sensors and actuators or monitoring IoT devices in both space and time. This is achieved by a process known as filtering. The messages between publishers and subscribers are communicated using various control packets, which contain a fixed two-byte protocol header. This ensures a small message overhead suitable for constrained devices operating in unreliable communication networks. A range of security challenges exist for IoT, but Denial of Service (DoS) attacks that target the data communication system pose a significant challenge to IoT deployments (Heer et al., 2011). Such attacks can pose a major challenge in cyber-physical CIs, which rely on real-time inter-device communications (Ten et al., 2010).
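The abstract credits field size and length-based features with reducing false positives. As an added example (not code from the paper), this Python parser walks MQTT 3.1.1 control packets, each starting with one type/flags byte and a Remaining Length field of one to four bytes, and emits per-packet length features; the feature names and the sample bytes are assumptions constructed here, not the paper's feature set.

```python
# Added example. Feature names are illustrative assumptions, not the paper's feature set.
PACKET_TYPES = {1: "CONNECT", 3: "PUBLISH", 8: "SUBSCRIBE", 12: "PINGREQ", 14: "DISCONNECT"}


def decode_remaining_length(buf, pos):
    """Decode the MQTT 3.1.1 Remaining Length varint at buf[pos]; return (value, bytes_used)."""
    value = 0
    for used in range(4):  # the field is at most 4 bytes long
        if pos + used >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[pos + used]
        value |= (byte & 0x7F) << (7 * used)
        if not byte & 0x80:  # continuation bit clear: this was the last byte
            return value, used + 1
    raise ValueError("remaining-length field longer than 4 bytes")


def extract_features(stream):
    """Return one feature dict per MQTT packet found back to back in a TCP payload."""
    pos, features = 0, []
    while pos < len(stream):
        first = stream[pos]
        rem_len, len_bytes = decode_remaining_length(stream, pos + 1)
        body_start = pos + 1 + len_bytes
        body = stream[body_start:body_start + rem_len]
        if len(body) != rem_len:
            raise ValueError("truncated packet body")
        ptype = first >> 4
        feat = {
            "type": PACKET_TYPES.get(ptype, "OTHER"),
            "flags": first & 0x0F,
            "header_size": 1 + len_bytes,
            "remaining_length": rem_len,
        }
        if ptype == 3:  # PUBLISH: 2-byte topic length, topic, packet id if QoS > 0
            if rem_len < 2:
                raise ValueError("PUBLISH too short for a topic length")
            topic_len = int.from_bytes(body[:2], "big")
            qos = (first >> 1) & 0x03
            feat["topic_length"] = topic_len
            feat["payload_length"] = rem_len - 2 - topic_len - (2 if qos else 0)
        features.append(feat)
        pos = body_start + rem_len
    return features


# Constructed sample: PINGREQ, a small QoS 0 PUBLISH, a 200-byte QoS 1 PUBLISH.
SAMPLE = (b"\xC0\x00" + b"\x30\x07\x00\x03a/bhi"
          + b"\x32\xC8\x01\x00\x01t\x00\x01" + b"A" * 195)
```

Each dict is one row for a classifier's feature matrix; a negative `payload_length` marks a packet whose declared topic length exceeds its body.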

Literature review
DoS attack model
MQTT traffic generation
MQTT feature extraction
Attack detection module
DoS attack assessment
Attack impact analysis
Attack classification results and analysis
Conclusion
Notes on contributors