Machine learning based IoT Intrusion Detection System: an MQTT case study (MQTT-IoT-IDS2020 Dataset)

Hanan Hindy*, Ethan Bayne, Miroslav Bures, Robert Atkinson, Christos Tachtatzis, Xavier Bellekens

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

96 Citations (Scopus)
448 Downloads (Pure)

Abstract

The Internet of Things (IoT) is one of the main research fields in the Cybersecurity domain. This is due to (a) the increased dependency on automated device, and (b) the inadequacy of general-purpose Intrusion Detection Systems (IDS) to be deployed for special purpose networks usage. Numerous lightweight protocols are being proposed for IoT devices communication usage. One of the distinguishable IoT machine-to-machine communication protocols is Message Queuing Telemetry Transport (MQTT) protocol. However, as per the authors best knowledge, there are no available IDS datasets that include MQTT benign or attack instances and thus, no IDS experimental results available. In this paper, the effectiveness of six Machine Learning (ML) techniques to detect MQTT-based attacks is evaluated. Three abstraction levels of features are assessed, namely, packet-based, unidirectional flow, and bidirectional flow features. An MQTT simulated dataset is generated and used for the training and evaluation processes. The dataset is released with an open access licence to help the research community further analyse the accompanied challenges. The experimental results demonstrated the adequacy of the proposed ML models to suit MQTT-based networks IDS requirements. Moreover, the results emphasise on the importance of using flow-based features to discriminate MQTT-based attacks from benign traffic, while packet-based features are sufficient for traditional networking attacks.
Original languageEnglish
Title of host publicationSelected Papers from the 12th International Networking Conference, INC 2020
EditorsBogdan Ghita, Stavros Shiaeles
Place of PublicationCham
PublisherSpringer
Pages73-84
Number of pages12
ISBN (Electronic)9783030647582
ISBN (Print)9783030647575
DOIs
Publication statusPublished - 5 Jan 2021
Event12th International Network Conference 2020 - Virtual conference, Rhodes, Greece
Duration: 19 Sept 202021 Sept 2020
Conference number: 12th
http://www.inc-conference.org/

Publication series

NameLecture Notes in Networks and Systems, LNNS
PublisherSpringer
Volume180
ISSN (Print)2367-3370
ISSN (Electronic)2367-3389

Conference

Conference12th International Network Conference 2020
Abbreviated titleINC2020
Country/TerritoryGreece
CityRhodes
Period19/09/2021/09/20
Internet address

Keywords

  • IoT
  • Internet of Things
  • Machine learning
  • MQTT
  • Intrusion detection

Fingerprint

Dive into the research topics of 'Machine learning based IoT Intrusion Detection System: an MQTT case study (MQTT-IoT-IDS2020 Dataset)'. Together they form a unique fingerprint.

Cite this