52 research outputs found

    Man-in-the-Middle Attacks on MQTT based IoT networks

    “The use of Internet-of-Things (IoT) devices has increased a considerable amount in recent years due to decreasing cost and increasing availability of transistors, semiconductor, and other components. Examples can be found in daily life through smart cities, consumer security cameras, agriculture sensors, and more. However, Cyber Security in these IoT devices is often an afterthought making these devices susceptible to easy attacks. This can be due to multiple factors. An IoT device is often in a smaller form factor and must be affordable to buy in large quantities; as a result, IoT devices have less resources than a typical computer. This includes less processing power, battery power, and random access memory (RAM). This limits the possibilities of traditional security in IoT devices. To help evaluate the state of IoT devices and further enforce them, we present an easy to use program that requires little to no prior knowledge of the target infrastructure. The process is a Man-in-the-Middle (MITM) attack that hijacks packets sent between IoT devices using the popular MQTT protocol. We do this by using a WiFi Pineapple from Hak5, which, in the device’s raw form, is a WiFi access point with specific offensive capabilities installed as software. We then pass these packets into a custom General Adversarial Network (GAN) that utilizes a Natural Language Processing (NLP) model to generate a malicious message. Once malicious messages are generated, the messages are passed back to the WiFi Pineapple and sent as a legitimate packet among the network. We then look at the efficiency of these malicious messages through different NLP algorithms. In this particular work, we analyze an array of BERT variants and GPT-2”--Abstract, page iv

    A Deep Learning-Based Intrusion Detection System for MQTT Enabled IoT

    A large number of smart devices in Internet of Things (IoT) environments communicate via different messaging protocols. Message Queuing Telemetry Transport (MQTT) is a widely used publish–subscribe-based protocol for the communication of sensor or event data. The publish–subscribe strategy makes it more attractive for intruders and thus increases the number of possible attacks over MQTT. In this paper, we proposed a Deep Neural Network (DNN) for intrusion detection in the MQTT-based protocol and also compared its performance with other traditional machine learning (ML) algorithms, such as a Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbour (kNN), Decision Tree (DT), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRUs). The performance is proved using two different publicly available datasets, including (1) MQTT-IoT-IDS2020 and (2) a dataset with three different types of attacks, such as Man in the Middle (MitM), Intrusion in the network, and Denial of Services (DoS). The MQTT-IoT-IDS2020 contains three abstract-level features, including Uni-Flow, Bi-Flow, and Packet-Flow. The results for the first dataset and binary classification show that the DNN-based model achieved 99.92%, 99.75%, and 94.94% accuracies for Uni-flow, Bi-flow, and Packet-flow, respectively. However, in the case of multi-label classification, these accuracies reduced to 97.08%, 98.12%, and 90.79%, respectively. On the other hand, the proposed DNN model attains the highest accuracy of 97.13% against LSTM and GRUs for the second dataset

    Analysis of the security of the MQTT transport protocol in Internet of Things devices.

    The Internet of Things has grown rapidly, and its implementation in every field is a reality, as are the security threats that come with connecting to the internet the everyday devices used by society at large. It has therefore become necessary to establish regulations and standardize the implementation of this technology in all its aspects, such as communication protocols. Accordingly, the International Organization for Standardization (ISO) has standardized the message transport protocol MQTT (Message Queue Telemetry Transport) as a protocol applicable to environments where Internet of Things devices communicate. To contribute to good security practices, this study aims to determine the vulnerabilities of implementations of the MQTT protocol in order to obtain threat-mitigation mechanisms and tools, by identifying the threats and evaluating the risk-mitigation mechanisms. This makes it possible to determine the best fields of application for the MQTT protocol, taking into account the types of communication in which it is more or less vulnerable, and to determine the best security practices with a standardized transport protocol for Internet of Things communications.

    Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats

    Despite its technological benefits, Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities in the wireless medium. Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance. Advanced persistent threat (APT) is prominent for cybercriminals to compromise networks, and it is crucial to long-term and harmful characteristics. However, it is difficult to apply ML-based approaches to identify APT attacks to obtain a promising detection performance due to an extremely small percentage among normal traffic. There are limited surveys to fully investigate APT attacks in IoT networks due to the lack of public datasets with all types of APT attacks. It is worth to bridge the state-of-the-art in network attack detection with APT attack detection in a comprehensive review article. This survey article reviews the security challenges in IoT networks and presents the well-known attacks, APT attacks, and threat models in IoT systems. Meanwhile, signature-based, anomaly-based, and hybrid intrusion detection systems are summarized for IoT networks. The article highlights statistical insights regarding frequently applied ML-based methods against network intrusion alongside the number of attacks types detected. Finally, open issues and challenges for common network intrusion and APT attacks are presented for future research. Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Tables