2019 14th Iberian Conference on Information Systems and Technologies (CISTI) | 2019
MQTT Flow Signatures for the Internet of Things
Abstract
The number of IoT devices and the volume of network traffic has grown continuously during the past years. IoT devices are smart devices designed with simple functions in mind, like collecting the temperature or opening a door. However, IoT devices lack a good security layer due to lack of resources: small memory, processor and/or battery. Consequently, new potential attacks and security problems have arisen. In order to detect and mitigate these security problems Intrusion Detection Systems (IDS)can be used, However, abnormal traffic must be distinguished from normal IoT patterns. In this article, a study was done on characterization of traffic signatures of two typical IoT application protocols - MQTT and MQTTS - with the objective of generating and collecting IP flows of said traffic. An IoT application scenario was simulated and using the traffic collected, an analysis of MQTT and MQTTS flows were elaborated to identify flow-based signatures that could be used to identify the network traffic of IoT application protocols.