A novel intelligent approach for man‐in‐the‐middle attacks detection over internet of things environments based on message queuing telemetry transport

Abstract

[EN] One of the most common attacks is man-in-the-middle (MitM) which, due to its complex behaviour, is difficult to detect by traditional cyber-attack detection systems. MitM attacks on internet of things systems take advantage of special features of the protocols and cause system disruptions, making them invisible to legitimate elements. In this work, an intrusion detection system (IDS), where intelligent models can be deployed, is the approach to detect this type of attack considering network alterations. Therefore, this paper presents a novel method to develop the intelligent model used by the IDS, being this method based on a hybrid process. The first stage of the process implements a feature extraction method, while the second one applies different supervised classification techniques, both over a message queuing telemetry transport (MQTT) dataset compiled by authors in previous works. The contribution shows excellent performance for any compared classification methods. Likewise, the best results are obtained using the method with the highest computational cost. Thanks to this, a functional IDS will be able to prevent MQTT attacks.