SlowITe, a Novel Denial of Service Attack Affecting MQTT

Vaccari, Ivan; Aiello, Maurizio; Cambiaso, Enrico

doi:10.3390/s20102932

Cited by 71 publications

(34 citation statements)

References 63 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Considering the IoT security topic, several attacks against IoT networks are found in literature, starting from the evaluation of the impact of well-know attacks applied to IoT environments [ 13 ], up to the proposal of novel threats against IoT networks, protocols or nodes [ 14 , 15 , 16 ]. Protection of IoT networks and systems from cyber-threats is an open research challenge, due to the constant appearance of novel threats targeting such platforms.…”

Section: Related Workmentioning

confidence: 99%

“…In addition, MQTTset includes not only legitimate traffic, but also malicious one, we will now briefly introduce the considered threats. In this scenario, we integrated popular and easy to detect cyber-attacks against MQTT but it is possible to integrate more complex attacks such as zero-day [ 37 ] or innovative attacks against MQTT such as SlowITe [ 14 ] which is characterized by a particularly low attack band since it is a slow dos attack, the computational capabilities and bandwidth required to perform this attack are very low making it difficult to identify and mitigate. Being publicly accessible, researchers will be able to integrate their attacks with the dataset for analysis/detection/mitigation purposes.…”

Section: Mqttset Datasetmentioning

confidence: 99%

“…The Slow DoS against Internet of Things Environments (SlowITe) attack is a novel denial of service threat targeting the MQTT application protocol [ 14 ]. Particularly, unlike previous threats, being a Slow DoS Attack, SlowITe requires minimum bandwidth and resources to attack an MQTT service [ 45 , 46 , 47 ].…”

Section: Mqttset Datasetmentioning

confidence: 99%

See 2 more Smart Citations

MQTTset, a New Dataset for Machine Learning Techniques on MQTT

Vaccari

Chiola

Aiello

et al. 2020

Sensors

Self Cite

172

View full text Add to dashboard Cite

IoT networks are increasingly popular nowadays to monitor critical environments of different nature, significantly increasing the amount of data exchanged. Due to the huge number of connected IoT devices, security of such networks and devices is therefore a critical issue. Detection systems assume a crucial role in the cyber-security field: based on innovative algorithms such as machine learning, they are able to identify or predict cyber-attacks, hence to protect the underlying system. Nevertheless, specific datasets are required to train detection models. In this work we present MQTTset, a dataset focused on the MQTT protocol, widely adopted in IoT networks. We present the creation of the dataset, also validating it through the definition of a hypothetical detection system, by combining the legitimate dataset with cyber-attacks against the MQTT network. Obtained results demonstrate how MQTTset can be used to train machine learning models to implement detection systems able to protect IoT contexts.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Mqttset Datasetmentioning

confidence: 99%

See 1 more Smart Citation

MQTTset, a New Dataset for Machine Learning Techniques on MQTT

Vaccari

Chiola

Aiello

et al. 2020

Sensors

Self Cite

172

View full text Add to dashboard Cite

show abstract

“…Meanwhile, prevention to increase data authority is to use ACLs per topic, per method, or QoS. Ivan et al validated DoS attacks named SlowITe and SlowTT on the MQTT service [21,22]. The attack exploited a weakness in the Keep-Alive parameter setting which is used to keep the connection alive by avoiding connection closures by the server.…”

Section: Related Workmentioning

confidence: 99%

Advanced detection Denial of Service attack in the Internet of Things network based on MQTT protocol using fuzzy logic

Budiana

Negara

Irawan

et al. 2021

regist. j. ilm. teknol. sist. inf.

View full text Add to dashboard Cite

Message Queuing Telemetry Transport (MQTT) is one of the popular protocols used on the Internet of Things (IoT) networks because of its lightweight nature. With the increasing number of devices connected to the internet, the number of cybercrimes on IoT networks will increase. One of the most popular attacks is the Denial of Service (DoS) attack. Standard security on MQTT uses SSL/TLS, but SSL/TLS is computationally wasteful for low-powered devices. The use of fuzzy logic algorithms with the Intrusion Detection System (IDS) scheme is suitable for detecting DoS because of its simple nature. This paper uses a fuzzy logic algorithm embedded in a node to detect DoS in the MQTT protocol with feature selection nodes. This paper's contribution is that the nodes feature selection used will monitor SUBSCRIBE and SUBACK traffic and provide this information to fuzzy input nodes to detect DoS attacks. Fuzzy performance evaluation is measured against changes in the number of nodes and attack intervals. The results obtained are that the more the number of nodes and the higher the traffic intensity, the fuzzy performance will decrease, and vice versa. However, the number of nodes and traffic intensity will affect fuzzy performance.

show abstract

“…Mutual authentication between the client and the server can also be added [ 21 ]. Researchers also formally verified the protocols [ 47 ], studied the possible attacks [ 48 ], and proposed intrusion detection for them [ 49 ].…”

Section: An Introduction To Mqtt and Coapmentioning

confidence: 99%

MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

Zeng

Lin

Guo

et al. 2020

Sensors

View full text Add to dashboard Cite

The publish/subscribe model has gained prominence in the Internet of things (IoT) network, and both Message Queue Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) support it. However, existing coverage-based fuzzers may miss some paths when fuzzing such publish/subscribe protocols, because they implicitly assume that there are only two parties in a protocol, which is not true now since there are three parties, i.e., the publisher, the subscriber and the broker. In this paper, we propose MultiFuzz, a new coverage-based multiparty-protocol fuzzer. First, it embeds multiple-connection information in a single input. Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need of protocol specifications. Third, it uses a new desockmulti module to feed the network messages into the program under test. desockmulti is similar to desock (Preeny), a tool widely used by the community, but it is specially designed for fuzzing and is 10x faster. We implement MultiFuzz based on AFL, and use it to fuzz two popular projects Eclipse Mosquitto and libCoAP. We reported discovered problems to the projects. In addition, we compare MultiFuzz with AFL and two state-of-the-art fuzzers, MOPT and AFLNET, and find it discovering more paths and crashes.

show abstract

SlowITe, a Novel Denial of Service Attack Affecting MQTT

Cited by 71 publications

References 63 publications

MQTTset, a New Dataset for Machine Learning Techniques on MQTT

MQTTset, a New Dataset for Machine Learning Techniques on MQTT

Advanced detection Denial of Service attack in the Internet of Things network based on MQTT protocol using fuzzy logic

MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

Contact Info

Product

Resources

About