DoS attacks detection in MQTT networks

Abstract

The paper considers the problem of protecting the Internet of things infrastructure against denial-of-service (DoS) attacks at the application level. The authors considered parameters that affect the network gateway workload: message frequency, payload size, number of recipients and some others. We proposed a modular structure of the attack detection tool presented by three classifiers that use the following attributes: username, device ID, and IP-address. The following types of classifiers have been the objects for the research: multilayer perceptron, random forest algorithm, and modifications of the support vector machine. Some scenarios for the behavior of network devices have been simulated. It was proved that for the proposed feature vector on simulated training and test data sets, the best results have been shown by a multilayer perceptron and a support vector machine with a radial basis function of the kernel and optimization with SMO algorithm. The authors also determined the conditions under which the selected classifiers have the best quality of recognizing abnormal and legitimate traffic in MQTT networks.