IoT-MQTT based denial of service attack modelling and detection

Internet of Things (IoT) is poised to transform the quality of life and provide new business opportunities with its wide range of applications. However, the bene_ts of this emerging paradigm are coupled with serious cyber security issues. The lack of strong cyber security measures in protecting IoT systems can result in cyber attacks targeting all the layers of IoT architecture which includes the IoT devices, the IoT communication protocols and the services accessing the IoT data. Various IoT malware such as Mirai, BASHLITE and BrickBot show an already rising IoT device based attacks as well as the usage of infected IoT devices to launch other cyber attacks. However, as sustained IoT deployment and functionality are heavily reliant on the use of e_ective data communication protocols, the attacks on other layers of IoT architecture are anticipated to increase. In the IoT landscape, the publish/- subscribe based Message Queuing Telemetry Transport (MQTT) protocol is widely popular. Hence, cyber security threats against the MQTT protocol are projected to rise at par with its increasing use by IoT manufacturers. In particular, the Internet exposed MQTT brokers are vulnerable to protocolbased Application Layer Denial of Service (DoS) attacks, which have been known to cause wide spread service disruptions in legacy systems. In this thesis, we propose Application Layer based DoS attacks that target the authentication and authorisation mechanism of the the MQTT protocol. In addition, we also propose an MQTT protocol attack detection framework based on machine learning. Through extensive experiments, we demonstrate the impact of authentication and authorisation DoS attacks on three opensource MQTT brokers. Based on the proposed DoS attack scenarios, an IoT-MQTT attack dataset was generated to evaluate the e_ectiveness of the proposed framework to detect these malicious attacks. The DoS attack evaluation results obtained indicate that such attacks can overwhelm the MQTT brokers resources even when legitimate access to it was denied and resources were restricted. The evaluations also indicate that the proposed DoS attack scenarios can signi_cantly increase the MQTT message delay, especially in QoS2 messages causing heavy tail latencies. In addition, the proposed MQTT features showed high attack detection accuracy compared to simply using TCP based features to detect MQTT based attacks. It was also observed that the protocol _eld size and length based features drastically reduced the false positive rates and hence, are suitable for detecting IoT based attacks

A Fog Computing Framework for Intrusion Detection of Energy-Based Attacks on UAV-Assisted Smart Farming

Precision agriculture and smart farming have received significant attention due to the advancements made in remote sensing technology to support agricultural efficiency. In large-scale agriculture, the role of unmanned aerial vehicles (UAVs) has increased in remote monitoring and collecting farm data at regular intervals. However, due to an open environment, UAVs can be hacked to malfunction and report false data. Due to limited battery life and flight times requiring frequent recharging, a compromised UAV wastes precious energy when performing unnecessary functions. Furthermore, it impacts other UAVs competing for charging times at the station, thus disrupting the entire data collection mechanism. In this paper, a fog computing-based smart farming framework is proposed that utilizes UAVs to gather data from IoT sensors deployed in farms and offloads it at fog sites deployed at the network edge. The framework adopts the concept of a charging token, where upon completing a trip, UAVs receive tokens from the fog node. These tokens can later be redeemed to charge the UAVs for their subsequent trips. An intrusion detection system is deployed at the fog nodes that utilize machine learning models to classify UAV behavior as malicious or benign. In the case of malicious classification, the fog node reduces the tokens, resulting in the UAV not being able to charge fully for the duration of the trip. Thus, such UAVs are automatically eliminated from the UAV pool. The results show a 99.7% accuracy in detecting intrusions. Moreover, due to token-based elimination, the system is able to conserve energy. The evaluation of CPU and memory usage benchmarks indicates that the system is capable of efficiently collecting smart-farm data, even in the presence of attacks

The Economic Impacts of Port Activity in Antwerp: A Disaggregated Analysis

The importance of ports is usually measured by indicators such as added value, employment and investment on a much aggregated level. This paper tries to define the importance of the port of Antwerp for the regional and national economy on a disaggregated level. It attempts to identify, quantify and locate the mutual relationships between the different players in the port and between these players and other industries. Finally, it proposes a method to calculate the effects of changes in port activity at a detailed level. A sector analysis is done by means of a reduced regional input-output table, through a bottom-up approach. The most important customers and suppliers of the port's key players or stakeholders are identified. A geographical analysis is feasible by using data on a disaggregated level. Each customer or supplier can be located by means of their postcode. In this way, the extent of the economic impact of the port of Antwerp is quantified.

Economic impact of port activity : a disaggregate analysis. The case of Antwerp

The economic impact of the port sector is usually measured at an aggregate level by indicators such as value added, employment and investment. This paper tries to define the economic relevance for the regional as well as for the national economy at a disaggregate level. It attempts to identify, quantify and locate the mutual relationships between the various port players themselves and between them and other Belgian industries. Due to a lack of information foreign trade is only tackled very briefly but the method outlined in this paper can be used to measure the national effects of changes in port activity at a detailed level. A sector analysis is made by compiling a regional (regional as geographically opposed to national, not to be mistaken for the Belgian Regions Brussels, Flanders and Wallonia) input-output table, resorting to microeconomic data: a bottom-up approach. The main customers and suppliers of the port's key players or stakeholders are identified. A geographical analysis can also be carried out by using data at a disaggregate level. Each customer or supplier can be located by means of their postcode. In so doing, the economic impact of the port is quantified, both functionally and geographically. In the case of the port of Antwerp, the results show important links between freight forwarders and agents. The geographical analysis suggests the existence of major agglomerating effects in and around the port of Antwerp, referred to as a major transhipment location point. Key words: port economics, regional input-output table, sector analysis, geographical analysis.port economics, regional input-output table, sector analysis, geographical analysis

BORDER: A Benchmarking Framework for Distributed MQTT Brokers

[EN] Message queuing telemetry transport (MQTT), one of the most popular application layer protocols for the Internet of Things, works according to a publish/subscribe paradigm where clients connect to a centralized broker. Sometimes (e.g., in high scalability and low-latency applications), it is required to depart from such a centralized approach and move to a distributed one, where multiple MQTT brokers cooperate together. Many MQTT brokers (both open source or commercially available) allow to create such a distributed environment: however, it is challenging to select the right solution due to the many available choices. This article proposes, therefore benchmarking framework for distributed MQTT brokers (BORDER), a framework for creating and evaluating distributed architectures of MQTT brokers with realistic and customizable network topologies. Based on isolated Docker containers and emulated network components, the framework provides quantitative metrics about the overall system performance, such as End-to-End latency as well as network and physical resources consumed. We use BORDER to compare five of the most popular MQTT brokers that allow the creation of distributed architectures and we release it as an open-source project to allow for reproducible researches.This work was supported in part by the Project BASE5G under Project 1155850 funded by Regione Lombardia within the framework POR FESR 2014-2020.Longo, E.; Redondi, A.; Cesana, M.; Manzoni, P. (2022). BORDER: A Benchmarking Framework for Distributed MQTT Brokers. IEEE Internet of Things. 9(18):17728-17740. https://doi.org/10.1109/JIOT.2022.3155872177281774091

Designing and implementing a distributed earthquake early warning system for resilient communities: a PhD thesis

The present work aims to comprehensively contribute to the process, design, and technologies of Earthquake Early Warning (EEW). EEW systems aim to detect the earthquake immediately at the epicenter and relay the information in real-time to nearby areas, anticipating the arrival of the shake. These systems exploit the difference between the earthquake wave speed and the time needed to detect and send alerts. This Ph.D. thesis aims to improve the adoption, robustness, security, and scalability of Earthquake Early Warning systems using a decentralized approach to data processing and information exchange. The proposed architecture aims to have a more resilient detection, remove Single point of failure, higher efficiency, mitigate security vulnerabilities, and improve privacy regarding centralized EEW architectures. A prototype of the proposed architecture has been implemented using low-cost sensors and processing devices to quickly assess the ability to provide the expected information and guarantees. The capabilities of the proposed architecture are evaluated not only on the main EEW problem but also on the quick estimation of the epicentral area of an earthquake, and the results demonstrated that our proposal is capable of matching the performance of current centralized counterparts