INFORMATION TECHNOLOGIES
Detection of DoS attacks caused by CONNECT messages of MQTT protocol
Dmitrii I. Dikii
St. Petersburg National Research University of Information Technologies, Mechanics and Optics (University ITMO), http://www.itmo.ru
St. Petersburg 197101, Russian Federation
E-mail: dimandikiy@mail.ru
Received September 25, 2019; reviewed March 10, 2020; revised March 30, 2020; accepted April 13, 2020
Abstract. Detecting DoS attacks within the Internet of Things is an urgent task for ensuring the security of this infrastructure. In the attack considered, the attacker generates a large number of connection requests to an Internet of Things network based on the MQTT protocol, which makes the gateway unavailable to other users. The author discusses approaches and methods for detecting DoS attacks on the Internet in general and within the Internet of Things in particular. A method of generating a feature vector for detecting DoS attacks from network traffic analysis is proposed. The feature vector consists of parameters of the message transmission frequency within a time interval from a device with the same IP address. The classifiers in this study are the multilayer perceptron, the random forest algorithm and the support vector machine. The author constructed an experimental setup to generate training and testing sets with the supplied parameters. The experimental results showed that increasing the dimension of the feature vector is not required to achieve maximum classification accuracy. A comparison of these algorithms by F1-score showed the artificial neural network, the multilayer perceptron, to be the best classifier. The time interval on which feature vector generation is based must be longer than 1.5 seconds for the accuracy to exceed 0.99 when legitimate devices connect once per second. The research gave positive results for using the reviewed classifiers with the proposed feature vector to detect DoS attacks.
Keywords: Internet of Things, DoS, MQTT, machine learning, random forest, multilayer perceptron, support vector machine, telecommunication, attack detection
UDC 004.052.3
RENSIT, 2020, 12(2):287-296.
DOI: 10.17725/rensit.2020.12.275.
Full-text electronic version of this article - web site http://en.rensit.ru/vypuski/article/332/12(2)287-296e.pdf
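The abstract describes a feature vector built from how often one IP address sends CONNECT messages within a time interval. The sketch below is an added illustration, not code from the paper: the vector layout (CONNECT counts per equal sub-interval of the window), the function names and the sample traffic are all assumptions made here.

```python
from collections import defaultdict

def connect_features(events, window_ms, bins):
    """Build one feature vector per (source IP, time window).

    events: iterable of (timestamp_ms, source_ip), one per observed MQTT
    CONNECT packet. Each window of window_ms is split into `bins` equal
    sub-intervals and the vector holds the CONNECT count in each one.
    This layout is an assumption; the abstract only says the features
    are message-frequency parameters per IP address and time interval.
    Windows in which an IP sent nothing produce no vector.
    """
    if window_ms <= 0 or bins <= 0 or window_ms % bins:
        raise ValueError("window_ms must be a positive multiple of bins")
    step = window_ms // bins
    vectors = defaultdict(lambda: [0] * bins)
    for ts, ip in events:
        window = ts // window_ms                      # index of the time window
        vectors[(ip, window)][(ts % window_ms) // step] += 1
    return dict(vectors)

def sample_events():
    """Constructed traffic: one device connecting once per second, one flooding."""
    legit = [(t, "192.0.2.10") for t in range(0, 4000, 1000)]   # 1 CONNECT/s
    flood = [(t, "192.0.2.66") for t in range(0, 2000, 100)]    # 10 CONNECT/s
    return sorted(legit + flood)

if __name__ == "__main__":
    # 2-second window (above the 1.5 s bound quoted in the abstract), 4 sub-intervals.
    rows = connect_features(sample_events(), window_ms=2000, bins=4)
    for (ip, window), vec in sorted(rows.items()):
        print(ip, window, vec, "total:", sum(vec))
```

Each resulting row is what would be passed, with a label, to a classifier such as the ones the study compares.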