Alotaibi Nouf Saeed, Sayed Ahmed Hassan I, Kamel Samah Osama M, ElKabbany Ghada Farouk
Department of Computer Science, College of Science and Humanities Al Dawadmi, Shaqra University, Dawadmi City 11911, Saudi Arabia.
Informatics Department, Electronics Research Institute, Cairo 12622, Egypt.
Sensors (Basel). 2024 Mar 2;24(5):1638. doi: 10.3390/s24051638.
The Message Queuing Telemetry Transport (MQTT) protocol stands out as one of the foremost and most widely recognized messaging protocols in the field. It is often used to transfer and manage data between devices and is extensively employed for applications ranging from smart homes and industrial automation to healthcare and transportation systems. However, it lacks built-in security features, thereby making it vulnerable to many types of attacks such as man-in-the-middle (MitM), buffer overflow, pre-shared key, brute force authentication, malformed data, distributed denial-of-service (DDoS) attacks, and MQTT publish flood attacks. Traditional methods for detecting MQTT attacks, such as deep neural networks (DNNs), k-nearest neighbor (KNN), linear discriminant analysis (LDA), and fuzzy logic, may exist. The increasing prevalence of device connectivity, sensor usage, and environmental scalability have become the most challenging aspects that novel detection approaches need to address. This paper presents a new solution that leverages an H2O-based distributed machine learning (ML) framework to improve the security of the MQTT protocol in networks, particularly in IoT environments. The proposed approach leverages the strengths of the H2O algorithm and architecture to enable real-time monitoring and distributed detection and classification of anomalous behavior (deviations from expected activity patterns). By harnessing H2O's algorithms, the identification and timely mitigation of potential security threats are achieved. Various H2O algorithms, including random forests, generalized linear models (GLMs), gradient boosting machine (GBM), XGBoost, and the deep learning (DL) algorithm, have been assessed to determine the most reliable algorithm in terms of detection performance. This study encompasses the development of the proposed algorithm, including implementation details and evaluation results.
To assess the proposed model, various evaluation metrics such as mean squared error (MSE), root-mean-square error (RMSE), mean per class error (MCE), and log loss are employed. The results obtained indicate that the H2OXGBoost algorithm outperforms other H2O models in terms of accuracy. This research contributes to the advancement of secure IoT networks and offers a practical approach to enhancing the security of MQTT communication channels through distributed detection and classification techniques.
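The four evaluation metrics named above, worked through for a multi-class traffic classifier, as an added example that is not code or data from the paper. The class names and the sample predictions are constructed, and the squared error is assumed to be taken on the probability assigned to the true class; accuracy is included to show how a rare attack class that is always missed still surfaces in the mean per-class error.

```python
import math

# Constructed sample: (true label, predicted class probabilities).
# Hypothetical class names; this is not data from the paper.
CLASSES = ["legitimate", "flood", "malformed"]
SAMPLE = (
    [("legitimate", [0.90, 0.05, 0.05])] * 8
    + [("flood", [0.20, 0.70, 0.10])] * 1
    + [("malformed", [0.60, 0.10, 0.30])] * 1  # rare attack class, misclassified
)


def evaluate(rows, classes=CLASSES, eps=1e-15):
    """Return accuracy, MSE, RMSE, log loss and mean per-class error."""
    n = len(rows)
    sq_err = 0.0
    log_loss = 0.0
    total = {c: 0 for c in classes}
    wrong = {c: 0 for c in classes}
    for label, probs in rows:
        p_true = probs[classes.index(label)]
        # Assumed multinomial convention: error is 1 - P(true class).
        sq_err += (1.0 - p_true) ** 2
        log_loss += -math.log(max(p_true, eps))
        predicted = classes[probs.index(max(probs))]
        total[label] += 1
        wrong[label] += predicted != label
    # Average the error rate of each class, so every class weighs the same
    # no matter how few samples it has.
    per_class = [wrong[c] / total[c] for c in classes if total[c]]
    mse = sq_err / n
    return {
        "accuracy": 1 - sum(wrong.values()) / n,
        "mse": mse,
        "rmse": math.sqrt(mse),
        "logloss": log_loss / n,
        "mean_per_class_error": sum(per_class) / len(per_class),
    }


if __name__ == "__main__":
    for name, value in evaluate(SAMPLE).items():
        print(f"{name}: {value:.4f}")
```

On this constructed sample the accuracy is 0.9 while the mean per-class error is one third, because the single "malformed" sample is the whole of its class.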