Machine Learning Based IoT Intrusion Detection System: An MQTT Case Study (MQTT-IoT-IDS2020 Dataset)

  • Conference paper
Selected Papers from the 12th International Networking Conference (INC 2020)

Abstract

The Internet of Things (IoT) is one of the main research fields in the Cybersecurity domain. This is due to (a) the increased dependency on automated devices, and (b) the inadequacy of general-purpose Intrusion Detection Systems (IDS) for deployment in special-purpose networks. Numerous lightweight protocols are being proposed for IoT device communication. One of the distinguishable IoT machine-to-machine communication protocols is the Message Queuing Telemetry Transport (MQTT) protocol. However, to the best of the authors' knowledge, there are no available IDS datasets that include MQTT benign or attack instances and thus no IDS experimental results are available.

In this paper, the effectiveness of six Machine Learning (ML) techniques to detect MQTT-based attacks is evaluated. Three abstraction levels of features are assessed, namely, packet-based, unidirectional flow, and bidirectional flow features. An MQTT simulated dataset is generated and used for the training and evaluation processes. The dataset is released with an open access licence to help the research community further analyse the accompanying challenges. The experimental results demonstrated the adequacy of the proposed ML models for the IDS requirements of MQTT-based networks. Moreover, the results emphasise the importance of using flow-based features to discriminate MQTT-based attacks from benign traffic, while packet-based features are sufficient for traditional networking attacks.
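The three feature abstraction levels named in the abstract can be illustrated with a short sketch. This is an added example, not code from the paper or its repository: the packet tuples are constructed, and the feature names (`num_pkts`, `mean_iat`, and so on) are assumptions rather than the dataset's actual columns. Packets are assumed to arrive in timestamp order.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample packets (not taken from MQTT-IoT-IDS2020):
# (time_s, src_ip, src_port, dst_ip, dst_port, proto, length_bytes)
PACKETS = [
    (0.00, "10.0.0.5", 50000, "10.0.0.1", 1883, "tcp", 80),
    (0.02, "10.0.0.1", 1883, "10.0.0.5", 50000, "tcp", 60),
    (0.50, "10.0.0.5", 50000, "10.0.0.1", 1883, "tcp", 120),
    (0.52, "10.0.0.1", 1883, "10.0.0.5", 50000, "tcp", 60),
    (1.00, "10.0.0.9", 50001, "10.0.0.1", 1883, "tcp", 90),
]

def packet_features(pkt):
    """Packet level: one record per packet, no context from other packets."""
    return {"proto": pkt[5], "dst_port": pkt[4], "length": pkt[6]}

def _stats(pkts):
    """Aggregate statistics over one direction of a flow (assumed feature names)."""
    if not pkts:
        return {"num_pkts": 0, "num_bytes": 0, "mean_len": 0.0,
                "duration": 0.0, "mean_iat": 0.0}
    times, sizes = [p[0] for p in pkts], [p[6] for p in pkts]
    gaps = [b - a for a, b in zip(times, times[1:])]  # inter-arrival times
    return {"num_pkts": len(pkts), "num_bytes": sum(sizes), "mean_len": mean(sizes),
            "duration": times[-1] - times[0], "mean_iat": mean(gaps) if gaps else 0.0}

def unidirectional_flows(packets):
    """One flow per directed 5-tuple: requests and replies are separate records."""
    flows = defaultdict(list)
    for p in packets:
        flows[p[1:6]].append(p)
    return {key: _stats(pkts) for key, pkts in flows.items()}

def bidirectional_flows(packets):
    """One flow per conversation, keyed by the direction of its first packet."""
    flows = {}
    for p in packets:
        fwd_key, rev_key = p[1:6], (p[3], p[4], p[1], p[2], p[5])
        if rev_key in flows:  # reply to a conversation already seen
            flows[rev_key]["bwd"].append(p)
        else:
            flows.setdefault(fwd_key, {"fwd": [], "bwd": []})["fwd"].append(p)
    return {key: {f"{d}_{name}": val for d in ("fwd", "bwd")
                  for name, val in _stats(pkts[d]).items()}
            for key, pkts in flows.items()}

if __name__ == "__main__":
    print(len(PACKETS), len(unidirectional_flows(PACKETS)), len(bidirectional_flows(PACKETS)))
```

The same five packets yield five packet records, three unidirectional flows and two bidirectional flows; only the flow records carry counts and timing across packets, and only the bidirectional ones relate client traffic to the broker's replies.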


Notes

  1. https://ieee-dataport.org/open-access/mqtt-iot-ids2020-mqtt-internet-things-intrusion-detection-dataset

  2. https://github.com/AbertayMachineLearningGroup/MQTT_ML



Correspondence to Hanan Hindy.


© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG


Hindy, H., Bayne, E., Bures, M., Atkinson, R., Tachtatzis, C., Bellekens, X. (2021). Machine Learning Based IoT Intrusion Detection System: An MQTT Case Study (MQTT-IoT-IDS2020 Dataset). In: Ghita, B., Shiaeles, S. (eds) Selected Papers from the 12th International Networking Conference. INC 2020. Lecture Notes in Networks and Systems, vol 180. Springer, Cham. https://doi.org/10.1007/978-3-030-64758-2_6


  • DOI: https://doi.org/10.1007/978-3-030-64758-2_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64757-5

  • Online ISBN: 978-3-030-64758-2

  • eBook Packages: Engineering, Engineering (R0)
