Shallow Learning Techniques for Early Detection and Classification of Cyberattacks over MQTT IoT Networks

Abstract

[Abstract] The increasing global connectivity, driven by the expansion of the Internet of Things (IoT), is generating a significant increase in system vulnerabilities. Cyberattackers exploit the computing and processing limitations of typical IoT devices and take advantage of inherent vulnerabilities in wireless networks and protocols to attack networks, compromise infrastructure, and cause damage. This paper presents a shallow learning multiclassifier approach for detecting and classifying cyberattacks on IoT networks. Specifically, it addresses MQTT networks, widely used in the IoT, to detect Denial-of-Service (DoS) and Intrusion attacks, using inter-device communication data as a basis. The use of shallow learning techniques allows this cybersecurity system to be implemented on resource-constrained devices, enabling local network monitoring and, consequently, increasing security and incident response capabilities by detecting and identifying attacks. The proposed system is validated on a real dataset obtained from an IoT system over MQTT, demonstrating its correct operation by achieving an accuracy greater than 99% and F1-score greater than 80% in the detection of Intrusion attacks.