Array (Sep 2023)
Capturing low-rate DDoS attack based on MQTT protocol in software Defined-IoT environment
Abstract
The MQTT (Message Queue Telemetry Transport) protocol has recently been standardized to provide a lightweight open messaging service over low-bandwidth and resource-constrained communication environments. Hence, it is the primary messaging protocol used by Internet of Things (IoT) devices to disseminate telemetry data in a machine-to-machine fashion. Despite its advantages in providing reliable, scalable, and timely delivery, the MQTT protocol is widely vulnerable to flooding and denial of service attacks, specifically the low-rate distributed denial of service (LR-DDoS) attack. Unlike conventional DDoS, LR-DDoS traffic is sent at a very slow rate and tends to appear normal, which makes it difficult to differentiate from legitimate packets and allows it to pass undetected by traditional detection policies. This paper presents an intelligent lightweight detection scheme that can capture LR-DDoS attacks based on the MQTT protocol in a software-defined IoT environment. The proposed scheme examines the performance of four machine learning models, namely decision tree classifier (DTC), multilayer perceptron (MLP), artificial neural networks (ANN), and naïve Bayes classifier (NBC), on a modern dataset (LRDDoS-MQTT-2022) with a minimum feature set (i.e., two features only) and a balanced dataset. Our exploratory assessment demonstrates the superiority of the DTC detection scheme, which achieves an accuracy of 99.5% with peak detection speed. Overall, our best outcomes outdo existing models with higher prediction rates.