IDS-MA: Intrusion Detection System for IoT MQTT Attacks Using Centralized and Federated Learning

Abstract

Yearly, the number of connected Internet of Things (IoT) devices is growing. The attack surface is also increasing because IoT is generally functionality-centric and security is usually an after-thought. Therefore, memory corruption attacks, man-in-the-middle attacks, and distributed denial of service attacks are a few of the attacks that have been widely exploited on these devices communicating via Message Queue Telemetry Transport (MQTT), which is the most commonly used messaging protocol in IoT. However, much of the research on MQTT intrusion detection has either covered a smaller number of attacks, completely ignored memory attacks, or used inadequate classification evaluation metrics (e.g., only accuracy). In this paper, we design and simulate an MQTT IoT network and present IDS-MA, an intrusion detection system for MQTT attacks by training both centralized and federated learning models. Seven different MQTT attacks were implemented with the models evaluated with metrics such as accuracy, precision, and recall. Our evaluation results show high detection scores on MQTT attacks (including memory attacks). We also obtain an average model detection accuracy of over 80% on 2,210,797 real attacks from the MQTT-IoT-IDS2020 benchmark for both centralized and federated models.