367 research outputs found

    IoT-MQTT based denial of service attack modelling and detection

    Internet of Things (IoT) is poised to transform the quality of life and provide new business opportunities with its wide range of applications. However, the benefits of this emerging paradigm are coupled with serious cyber security issues. The lack of strong cyber security measures in protecting IoT systems can result in cyber attacks targeting all the layers of IoT architecture which includes the IoT devices, the IoT communication protocols and the services accessing the IoT data. Various IoT malware such as Mirai, BASHLITE and BrickBot show an already rising IoT device based attacks as well as the usage of infected IoT devices to launch other cyber attacks. However, as sustained IoT deployment and functionality are heavily reliant on the use of effective data communication protocols, the attacks on other layers of IoT architecture are anticipated to increase. In the IoT landscape, the publish/subscribe based Message Queuing Telemetry Transport (MQTT) protocol is widely popular. Hence, cyber security threats against the MQTT protocol are projected to rise at par with its increasing use by IoT manufacturers. In particular, the Internet exposed MQTT brokers are vulnerable to protocol-based Application Layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruptions in legacy systems. In this thesis, we propose Application Layer based DoS attacks that target the authentication and authorisation mechanism of the MQTT protocol. In addition, we also propose an MQTT protocol attack detection framework based on machine learning. Through extensive experiments, we demonstrate the impact of authentication and authorisation DoS attacks on three open-source MQTT brokers. Based on the proposed DoS attack scenarios, an IoT-MQTT attack dataset was generated to evaluate the effectiveness of the proposed framework to detect these malicious attacks.
    The DoS attack evaluation results obtained indicate that such attacks can overwhelm the MQTT brokers' resources even when legitimate access to it was denied and resources were restricted. The evaluations also indicate that the proposed DoS attack scenarios can significantly increase the MQTT message delay, especially in QoS2 messages causing heavy tail latencies. In addition, the proposed MQTT features showed high attack detection accuracy compared to simply using TCP based features to detect MQTT based attacks. It was also observed that the protocol field size and length based features drastically reduced the false positive rates and hence, are suitable for detecting IoT based attacks

    DoS/DDoS-MQTT-IoT: A dataset for evaluating intrusions in IoT networks using the MQTT protocol

    Adversaries may exploit a range of vulnerabilities in Internet of Things (IoT) environments. These vulnerabilities are typically exploited to carry out attacks, such as denial-of-service (DoS) attacks, either against the IoT devices themselves, or using the devices to perform the attacks. These attacks are often successful due to the nature of the protocols used in the IoT. One popular protocol used for machine-to-machine IoT communications is the Message Queueing Telemetry Protocol (MQTT). Countermeasures for attacks against MQTT include testing defenses with existing datasets. However, there is a lack of real-world test datasets in this area. For this reason, this paper introduces a DoS/DDoS-MQTT-IoT dataset—that contains various DoS/DDoS attack scenarios using MQTT traffic—to help develop and test countermeasures against such attacks. To this end, a physical IoT testbed was constructed and a large volume of IoT data was generated that included standard MQTT traffic as well as 10 DoS scenarios. The usability of the dataset has been evaluated via machine learning

    Denial of service attack detection through machine learning for the IoT

    Sustained Internet of Things (IoT) deployment and functioning are heavily reliant on the use of effective data communication protocols. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is popular. Cyber security threats against the MQTT protocol are anticipated to increase at par with its increasing use by IoT manufacturers. In particular, IoT is vulnerable to protocol-based Application layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruption in legacy systems. In this paper, we propose an Application layer DoS attack detection framework for the MQTT protocol and test the scheme on legitimate and protocol compliant DoS attack scenarios. To protect the MQTT message brokers from such attacks, we propose a machine learning-based detection framework developed for the MQTT protocol. Through experiments, we demonstrate the impact of such attacks on various MQTT brokers and evaluate the effectiveness of the proposed framework to detect these malicious attacks. The results obtained indicate that the attackers can overwhelm the server resources even when legitimate access was denied to MQTT brokers and resources have been restricted. In addition, the MQTT features we have identified showed high attack detection accuracy. The field size and length-based features drastically reduced the false-positive rates and are suitable in detecting IoT based attacks

    IoT-Flock: An Open-source Framework for IoT Traffic Generation

    Network traffic generation is one of the primary techniques that is used to design and analyze the performance of network security systems. However, due to the diversity of IoT networks in terms of devices, applications and protocols, the traditional network traffic generator tools are unable to generate the IoT specific protocols traffic. Hence, the traditional traffic generator tools cannot be used for designing and testing the performance of IoT-specific security solutions. In order to design an IoT-based traffic generation framework, two main challenges include IoT device modelling and generating the IoT normal and attack traffic simultaneously. Therefore, in this work, we propose an open-source framework for IoT traffic generation which supports the two widely used IoT application layer protocols, i.e., MQTT and CoAP. The proposed framework allows a user to create an IoT use case, add customized IoT devices into it and generate normal and malicious IoT traffic over a real-time network. Furthermore, we set up a real-time IoT smart home use case to manifest the applicability of the proposed framework for developing the security solutions for IoT smart home by emulating the real world IoT devices. The experimental results demonstrate that the proposed framework can be effectively used to develop better security solutions for IoT networks without physically deploying the real-time use case.
    Comment: 6 Pages, 2 Figures, 4 Tables. Accepted in IEEE International Conference on Emerging Trends in Smart Technologies (ICETST) 202

    Physical cyber-security algorithm for wireless sensor networks

    Today, the wireless sensor network (WSN) plays an important role in our daily life. In addition, it is used in many applications such as military, medical, greenhouse, and transport. Because sending data between its nodes or to the base station requires a connection link, the sensor nodes can be exposed to many attacks that exploit the weaknesses of the network. One of the most important types of these attacks is the denial of service (DoS). A DoS attack exhausts the system's resources, which leads the system to be out of service. In this paper, a cyber-security algorithm is proposed for the physical level of a WSN that adopts the message queuing telemetry transport (MQTT) protocol for data transmission and networking. This algorithm predicts the DoS attacks at the first time of happening to be isolated from the WSN. It includes three stages of detecting the attack, predicting the effects of this attack and preventing the attacks by excluding the predicted nodes from the WSN. We applied a type of DoS attack that is a DoS injection attack (DoSIA) on the network protocol. The proposed algorithm is tested by adopting three case studies to cover the most common cases of attacks. The experiment results show the superiority of the proposed algorithm in detecting and solving the cyber-attacks

    MECInOT: a multi-access edge computing and industrial internet of things emulator for the modelling and study of cybersecurity threats

    In recent years, the Industrial Internet of Things (IIoT) has grown rapidly, a fact that has led to an increase in the number of cyberattacks that target this environment and the technologies that it brings together. Unfortunately, when it comes to using tools for stopping such attacks, it can be noticed that there are inherent weaknesses in this paradigm, such as limitations in computational capacity, memory and network bandwidth. Under these circumstances, the solutions used until now in conventional scenarios cannot be directly adopted by the IIoT, and so it is necessary to develop and design new ones that can effectively tackle this problem. Furthermore, these new solutions must be tested in order to verify their performance and viability, which requires testing architectures that are compatible with newly introduced IIoT topologies. With the aim of addressing these issues, this work proposes MECInOT, which is an architecture based on openLEON and capable of generating test scenarios for the IIoT environment. The performance of this architecture is validated by creating an intelligent threat detector based on tree-based algorithms, such as decision tree, random forest and other machine learning techniques, which allows us to generate an intelligent threat detector and demonstrate the suitability of our architecture for testing solutions in IIoT environments. In addition, by using MECInOT, we compare the performance of the different machine learning algorithms in an IIoT network. Firstly, we present the benefits of our proposal, and secondly, we describe the emulation of an IIoT environment while ensuring the repeatability of the experiments

    An Empirical Analysis of Cyber Deception Systems


    A Trust-Based Approach for Data Sharing in the MQTT Environment

    © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. This is the accepted manuscript version of a conference paper which has been published in final form at https://doi.org/10.1109/PST58708.2023.10320147
    Internet of Things (IoT) is considered as a giant network of connected devices that collect data and share them with each other. There have been extensive developments on IoT standards and protocols that enable IoT devices to exchange data in a structured and meaningful way. Message Queuing Telemetry Transport (MQTT) is one such development receiving wide adoption for industrial applications. It is designed as a lightweight messaging protocol based on the publish-subscribe model by which clients publish messages to a broker who is responsible for distributing the messages to subscribed clients. MQTT is often deployed in a hostile environment in which IoT devices and brokers are vulnerable to attacks. While security for MQTT has received great attention, it does not adequately address the authorisation issues within a decentralised MQTT environment. Existing work adopts policy-based approaches to regulate data sharing across multiple brokers, which, we believe, are unlikely to scale well. In this paper we propose a trust-based approach that can be easily incorporated into the existing implementation of MQTT broker. We introduce a way of computing trust rating of brokers and develop two means of using the trust ratings to control data flow across multiple broker domains. Our approach is capable of detecting and blocking malicious clients and brokers from sending false or malicious messages into the system

    Intelligent One-Class Classifiers for the Development of an Intrusion Detection System: The MQTT Case Study

    [EN] The ever-increasing number of smart devices connected to the internet poses an unprecedented security challenge. This article presents the implementation of an Intrusion Detection System (IDS) based on the deployment of different one-class classifiers to prevent attacks over the Internet of Things (IoT) protocol Message Queuing Telemetry Transport (MQTT). The utilization of real data sets has allowed us to train the one-class algorithms, showing a remarkable performance in detecting attacks. SI Instituto Nacional de Ciberseguridad Instituto de Ciencias Aplicadas a la Cibersegurida

    Security in Internet of Things: networked smart objects.

    Internet of Things (IoT) is an innovative paradigm approaching both industries and humans' everyday life. It refers to the networked interconnection of everyday objects, which are equipped with ubiquitous intelligence. It not only aims at increasing the ubiquity of the Internet, but also at leading towards a highly distributed network of devices communicating with human beings as well as with other devices. Thanks to rapid advances in underlying technologies, IoT is opening valuable opportunities for a large number of novel applications that promise to improve the quality of humans' lives, facilitating the exchange of services. In this scenario, security represents a crucial aspect to be addressed, due to the high level of heterogeneity of the involved devices and to the sensibility of the managed information. Moreover, a system architecture should be established, before the IoT is fully operable in an efficient, scalable and interoperable manner. The main goal of this PhD thesis concerns the design and the implementation of a secure and distributed middleware platform tailored to IoT application domains. The effectiveness of the proposed solution is evaluated by means of a prototype and real case studies