{"title":"A hybrid intrusion detection approach based on message queuing telemetry transport (MQTT) protocol in industrial internet of things","authors":"Georg Thamer Francis, Alireza Souri, Nihat İnanç","doi":"10.1002/ett.5030","DOIUrl":null,"url":null,"abstract":"<p>The number of attacks against Industrial Internet of Things (IIoT) devices has increased over the past years, particularly on widely used communication protocols like Message Queuing Telemetry Transfer (MQTT). The fast increase in IIoT applications brings both critical challenges and technical gaps in cybersecurity. On the other hand, traditional cyber-attack detection approaches scrap to address and support the run-time responsibilities of IIoT environments. This study presents a hybrid Genetic Algorithm and Random Forest (GA_RF) method for detecting cyber-attacks in Industrial Control Machines (ICS) that use MQTT protocol in the IIoT environment. This architecture integrates ICS with edge devices and cloud servers, using a GA_RF algorithm to detect anomalies in data collected by sensors. Normal data is processed locally and then sent to the cloud for storage and return, ensuring continuous monitoring and security. Also, the MQTT-IOT-IDS2020 dataset as a real test case was applied for prediction of the proposed GA_RF method with compare to some other powerful machine and deep learning models. The experimental results show that the proposed GA_RF method has an optimum accuracy of 99.87%–100% for detecting cyber-attacks. This hybrid algorithm also achieved 0–0.0015 in Mean Absolute Error (MAE) and 100% in Precision, Recall, and F-score factors. This result led to the proposed architecture, which connects the ICS to a server while running GA_RF on the IIoT environment. In conclusion, this study indicates the effectiveness of GA_RF and aims to improve security by using the MQTT protocol in IIoT.</p>","PeriodicalId":23282,"journal":{"name":"Transactions on Emerging Telecommunications Technologies","volume":"35 9","pages":""},"PeriodicalIF":2.5000,"publicationDate":"2024-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Transactions on Emerging Telecommunications Technologies","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/ett.5030","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0
Abstract
The number of attacks against Industrial Internet of Things (IIoT) devices has increased over the past years, particularly on widely used communication protocols like Message Queuing Telemetry Transfer (MQTT). The fast increase in IIoT applications brings both critical challenges and technical gaps in cybersecurity. On the other hand, traditional cyber-attack detection approaches scrap to address and support the run-time responsibilities of IIoT environments. This study presents a hybrid Genetic Algorithm and Random Forest (GA_RF) method for detecting cyber-attacks in Industrial Control Machines (ICS) that use MQTT protocol in the IIoT environment. This architecture integrates ICS with edge devices and cloud servers, using a GA_RF algorithm to detect anomalies in data collected by sensors. Normal data is processed locally and then sent to the cloud for storage and return, ensuring continuous monitoring and security. Also, the MQTT-IOT-IDS2020 dataset as a real test case was applied for prediction of the proposed GA_RF method with compare to some other powerful machine and deep learning models. The experimental results show that the proposed GA_RF method has an optimum accuracy of 99.87%–100% for detecting cyber-attacks. This hybrid algorithm also achieved 0–0.0015 in Mean Absolute Error (MAE) and 100% in Precision, Recall, and F-score factors. This result led to the proposed architecture, which connects the ICS to a server while running GA_RF on the IIoT environment. In conclusion, this study indicates the effectiveness of GA_RF and aims to improve security by using the MQTT protocol in IIoT.
期刊介绍:
ransactions on Emerging Telecommunications Technologies (ETT), formerly known as European Transactions on Telecommunications (ETT), has the following aims:
- to attract cutting-edge publications from leading researchers and research groups around the world
- to become a highly cited source of timely research findings in emerging fields of telecommunications
- to limit revision and publication cycles to a few months and thus significantly increase attractiveness to publish
- to become the leading journal for publishing the latest developments in telecommunications