MQTT abnormal traffic detection method based on Naive Bayes
A technology of abnormal traffic and detection method, which is applied in the field of Internet of Things information security, can solve problems such as inability to prevent attacks, achieve good detection performance, and prevent fraudulent attacks
Active Publication Date: 2018-08-03
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF4 Cites 2 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Since the packets of spoofing attacks conform to the rules of the MQTT protocol, traditional firewalls cannot recognize them, so they cannot prevent such attacks
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment
[0030] In order to better illustrate the technical solution of the present invention, the MQTT protocol is briefly described first. figure 1 It is a fixed header structure diagram of the MQTT protocol. Such as figure 1 As shown, the fixed header of the MQTT protocol consists of two bytes (the first byte byte1 and the second byte byte2), where the binary bits 7-4 of the first byte byte1 indicate the control message type, Binary bits 3-0 indicate the flag bits used to specify the type of control message; the second byte byte2 indicates the number of bytes in the remaining part of the current message. The MQTT communication system usually includes a server and multiple clients. The present invention captures data packets between the server and the client, extracts the type of control message and the flag bit of the specified control message type, based on simple shell Yessian classification model to realize MQTT abnormal traffic detection.
[0031] figure 2 It is a specific ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses an MQTT abnormal traffic detection method based on Naive Bayes. The method comprises the following steps: firstly capturing multiple groups of data packets of MQTT normal traffic and abnormal traffic between a server and a client of an MQTT communication system, extracting a control message type and a flag bit of a specified control message type in an MQTT fixed message header in each data packet to constitute a feature vector, then performing calculation to obtain various parameters of a Naive Bayes classifier, when abnormal traffic detection needs to be performed, obtaining the MQTT data packet between the server and the client, extracting the feature vector, performing calculation according to the parameters of the Naive Bayes classifier to obtain identificationvalues indicating that the data packet belongs to the normal traffic and the abnormal traffic, and taking the type corresponding to the larger value as a detection result. According to the MQTT abnormal traffic detection method disclosed by the invention, the control message type and the flag bit of the specified control message type in the MQTT fixed message header are extracted to constitute thefeature vector, an abnormal traffic detection model is established by using the Naive Bayes classifier, the detection performance is good, and the fraudulent attack can be effectively prevented.
Description
technical field [0001] The invention belongs to the technical field of Internet of Things information security, and more specifically, relates to a naive Bayesian-based MQTT abnormal traffic detection method. Background technique [0002] MQTT (Message Queuing Telemetry Transport) is an instant messaging protocol developed by IBM and is an important part of today's Internet of Things. The protocol supports all platforms and can connect almost all networked items with the outside world, and is used as a communication protocol for sensors and actuators. The security of the MQTT protocol is very important to the IoT system. [0003] However, MQTT is an open protocol. Its message structure and data format are public. Without sufficient security measures, there are large security risks. Attackers can use data messages that conform to the rules of the MQTT protocol to implement Deceptive attacks, for example, during the transmission of MQTT protocol messages, attackers can use d...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/30H04L69/22H04L69/26
Inventor 郑宏王斌辛晓帅邹见效何建徐红兵
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA