Volume 15, Number 4
Enhance the Detection of DoS and Brute Force Attacks within the MQTT Environment Through Feature Engineering and Employing an Ensemble Technique
Authors
Abdulelah Al Hanif and Mohammad Ilyas, Florida Atlantic University, USA
Abstract
The rapid development of the Internet of Things (IoT) environment has introduced unprecedented levels of connectivity and automation. The Message Queuing Telemetry Transport (MQTT) protocol has become recognized in IoT applications due to its lightweight and efficient features; however, this simplicity also renders MQTT vulnerable to multiple attacks, including denial of service (DoS) and brute-force attacks. This study aims to improve the detection of DoS and brute-force attacks in an intrusion detection system (IDS) for MQTT traffic. Our approach utilizes the MQTT dataset for model training by employing effective feature engineering and ensemble learning techniques. Following our analysis and comparison, we identified the top 10 features demonstrating the highest effectiveness, leading to improved model accuracy. We used supervised machine learning models, including Random Forest, Decision Trees, k-Nearest Neighbors, and XGBoost, in combination with ensemble classifiers. The stacking, voting, and bagging ensembles combine these four supervised machine-learning models. This study's results illustrate the proposed technique's efficacy in enhancing the accuracy of detecting DoS and brute-force attacks in MQTT traffic. Stacking and voting classifiers achieved the highest accuracy of 0.9538. Our approach outperforms the most recent study that utilized the same dataset.
Keywords
Message Queuing Telemetry Transport, Internet of Things, DoS, Brute Force, Intrusion Detection System, Machine Learning, Ensemble Learning, Feature Selection.