Intrusion Detection System for MQTT Protocol Based on Intelligent One-Class Classifiers

  • Conference paper
Sustainable Smart Cities and Territories (SSCTIC 2021)
  • The original version of this chapter was revised: The name of the author has been corrected from Francico Zayas-Gato to Francisco Zayas-Gato. The correction to this chapter is available at https://doi.org/10.1007/978-3-030-78901-5_30

Abstract

The significant advance in smart devices connected to the Internet has promoted the “Internet of Things” technology. However, the success of this technology comes with the need to implement Intrusion Detection Systems to face possible attacks. The present research deals with intrusion detection in a network using the Message Queuing Telemetry Transport protocol. To achieve this goal, different one-class classifiers have been implemented using a real dataset, achieving good performance in the detection of intrusion attacks.

Change history

  • 31 July 2021

    In the original version of the book, the following belated correction has been incorporated: The misspelled author name “Francico Zayas-Gato” has been corrected to “Francisco Zayas-Gato” in the Frontmatter, the Backmatter, and Chapter 22.

Acknowledgements

Spanish National Cybersecurity Institute (INCIBE) and developed Research Institute of Applied Sciences in Cybersecurity (RIASC).

CITIC, as a Research Center of the University System of Galicia, is funded by Consellería de Educación, Universidade e Formación Profesional of the Xunta de Galicia through the European Regional Development Fund (ERDF) and the Secretaría Xeral de Universidades (Ref. ED431G 2019/01).

Author information

Corresponding author

Correspondence to Esteban Jove.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Jove, E. et al. (2022). Intrusion Detection System for MQTT Protocol Based on Intelligent One-Class Classifiers. In: Corchado, J.M., Trabelsi, S. (eds) Sustainable Smart Cities and Territories. SSCTIC 2021. Lecture Notes in Networks and Systems, vol 253. Springer, Cham. https://doi.org/10.1007/978-3-030-78901-5_22
