Network Forensics and Intrusion Detection in MQTT-Based Smart Homes

  • Lama AlNabulsi (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Sireen AlGhamdi (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Ghala AlMuhawis (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Ghada AlSaif (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Fouz AlKhaldi (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Maryam AlDossary (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Hussian AlAttas (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Abdullah AlMuhaideb (University of Imam Abdulrahman bin Faisal, College of Computer Science and Information Technology, KSA)
  • Submitted: 2023.04.05
  • Published: 2023.04.30

Abstract

The emergence of the Internet of Things (IoT) in our daily lives has grown rapidly. It has been integrated into our homes, cars, and cities, increasing the intelligence of the devices involved in communications. An enormous amount of data is exchanged between smart devices over the internet, which raises security concerns with regard to privacy evasion. This paper focuses on forensics and intrusion detection for one of the most common protocols in IoT environments, especially smart home environments: the Message Queuing Telemetry Transport (MQTT) protocol. The paper covers general IoT infrastructure, the MQTT protocol and attacks conducted on it, and multiple network forensics frameworks in smart homes. Furthermore, a machine learning model is developed and tested to detect several types of attacks in an IoT network. A forensics tool (MQTTracker) is proposed to contribute to the investigation of the MQTT protocol in order to provide a safer technological future in the warmth of people's homes. The MQTT-IOT-IDS2020 dataset is used to train the machine learning model. In addition, different attack detection algorithms are compared to ensure that a suitable algorithm is chosen to perform accurate classification of attacks within MQTT traffic.
