| Abstract [eng] |
An analysis of the protocols used in the Internet of Things revealed that MQTT is one of the most widely used protocols because of its simplicity. However, this simplicity also exposes it to a growing threat of cyberattacks. One such type of attack is the slow DoS attack, which, by exploiting protocol parameters, can block all possible connections using minimal intermediary resources. Most currently implemented detection methods rely primarily on artificial intelligence algorithms with pre-generated data. Therefore, the goal of this work was to implement a hybrid detection method, based on rules and machine learning, that detects malicious clients both in real time and from existing data by analyzing different time intervals. To test this method, additional tools were developed that can generate both legitimate and malicious clients. Another very important tool of the method is MQTT protocol packet scanning, which was implemented as part of the method. After all the tools and the method itself were implemented, experiments were conducted that confirmed that, using the available data, the method successfully detected all malicious clients. |