A MQTT Abnormal Traffic Detection Method Based on Random Forest Algorithm

Abstract

Abstract: With the wide application of Internet of things technology, the industrial Internet of things system suffers from increasing network security threats, and information security becomes a major challenge in its development. The MQTT (Message Queuing Telemetry Transport) protocol is the mainstream protocol for Internet of things communication. The research on communication security of Internet of things based on the protocol is a hot topic at present. In order to ensure the communication security of restricted devices in the Internet of things, this paper focuses on the abnormal detection of MQTT traffic. Traditional traffic identification technology such as deep packet inspection cant effectively identify abnormal traffic conforming to packet format, and abnormal traffic identification technology based on machine learning theory shows very good effect. For this, a MQTT abnormal traffic detection method based on random forest algorithm is proposed, which achieves an overall accuracy of more than 90% and gets better recognition effect than other common classification models.

Key words: abnormal traffic detection, random forests, MQTT, flow features

WU Ke-he, ZHANG Ying, CUI Wen-chao, CHENG Rui. A MQTT Abnormal Traffic Detection Method Based on Random Forest Algorithm[J]. Computer and Modernization, 2021, 0(01): 61-64.

References ［23］

［1］	刘克一. 物联网概念的基本定位［J］. 数字技术与应用, 2015(4):221.
［2］	毕然,李小刚,姜建. 物联网安全事件案例和问题分析［J］. 电信网技术, 2014(12):10-13.
［3］	TAO L H, LIU G J, LIU W W, et al. Packet signature mining for application identification using an improved Apriori algorithm［C］// Proceedings of the 2015 IEEE International Conference on Progress in Informatics & Computing. 2015:633-637.
［4］	周卫国. 工业物联网安全隐患分析与防护策略探究［J］. 电子世界, 2019(21):13-18.
［5］	TANTITHARANUKUL N, OSATHANUNKUL K, HANTRAKUL K, et al. MQTT-topics management system for sharing of open data［C］// Proceedings of the 2017 International Conference on Digital Arts, Media and Technology. 2017:62-65.
［6］	LEE S, KIM H, HONG D K, et al. Correlation analysis of MQTT loss and delay according to QoS level［C］// Proceedings of the 2013 International Conference on Information Networking. 2013:714-717.
［7］	SAHADEVAN A, MATHEW D, MOOKATHANA J, et al. An offline online strategy for IoT using MQTT［C］// Proceedings of the 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing. 2017:369-373.
［8］	温彬民. 一种基于自适应心跳机制的MQTT通信协议的研究与应用［D］. 广州:华南理工大学, 2015.
［9］	YOKOTANI T, SASAKI Y. Comparison with HTTP and MQTT on required network resources for IoT［C］// Proceedings of the 2016 International Conference on Control, Electronics, Renewable Energy and Communications. 2016:1-6.
［10］	NAIK N. Choice of effective messaging protocols for IoT systems: MQTT, CoAP, AMQP and HTTP［C］// Proceedings of the 2017 IEEE International Systems Engineering Symposium. 2017:12-18.
［11］	THOTA P, KIM Y. Implementation and comparison of M2M protocols for internet of things［C］// Proceedings of the 2016 4th Intl Conf on Applied Computing and Information Technology/3rd Intl Conf on Computational Science/Intelligence and Applied Informatics/1st Intl Conf on Big Data, Cloud Computing, Data Science & Engineering. 2016:43-48.
［12］	XU Y M, MAHENDRAN V, GUO W, et al. Fairness in fog networks: Achieving fair throughput performance in MQTT-based IoTs［C］// Proceedings of the 2017 14th IEEE Annual Consumer Communications & Networking Conference. 2017:191-196.
［13］	HAPP D, KAROWSKI N, MENZEL T, et al. Meeting IoT platform requirements with open pub/sub solutions［J］. Annals of Telecommunications, 2017,72(1-2):41-52.
［14］	BAUER J, ASCHENBRUCK N. Measuring and adapting MQTT in cellular networks for collaborative smart farming［C］// Proceedings of the 2017 IEEE 42nd Conference on Local Computer Networks. 2017:294-302.
［15］	贾军营,王月鹏,王少华. 基于MQTT协议IM的研究和实现［J］. 计算机系统应用, 2015,24(7):9-14.
［16］	顾亚文. 基于MQTT协议的通用智能家居系统设计与实现［D］. 西安:西安电子科技大学, 2014.
［17］	任亨. 基于MQTT协议的消息推送集群系统的设计与实现［D］. 沈阳:中国科学院沈阳计算技术研究所, 2014.
［18］	KATSIKEAS S, FYSARAKIS K, MIAOUDAKIS A, et al. Lightweight & secure industrial IoT communications via the MQ telemetry transport protocol［C］// Proceedings of the 2017 IEEE Symposium on Computers and Communications. 2017:1193-1200.
［19］	王斌. 工业物联网信息安全防护技术研究［D］. 成都:电子科技大学, 2018.
［20］	向江南. 基于MQTT的服务质量保障及安全防御策略研究［D］. 成都:电子科技大学, 2019.
［21］	周志华. 机器学习［M］. 北京:清华大学出版社, 2016.
［22］	BREIMAN L. Random forests［J］. Machine Language, 2001,45(1):5-32.
［23］	赵小欢,夏靖波,李明辉. 基于随机森林算法的网络流量分类方法［J］. 中国电子科学研究院学报, 2013,8(2):184-190.

[1]	WANG Yao, LI Wei, WU Ke-he, CUI Wen-chao. Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification [J]. Computer and Modernization, 2020, 0(03): 93-.
[2]	LEI Wu1,2， LIAO Wenjian2， PENG Yanbing2. Search Rank Model Based on Random Forests and LambdaMART [J]. Computer and Modernization, 2017, 0(3): 54-.
[3]	SUI Jiankai1, LIU Huiyi1,YAN Shuo2. Feature Matching Method Based on Random Forests Classifier [J]. Computer and Modernization, 2014, 0(4): 81-85.