Unlock instant, AI-driven research and patent intelligence for your innovation.

A mqtt abnormal traffic detection method based on naive Bayesian

A technology of abnormal traffic and detection method, applied in the field of Internet of Things information security, can solve problems such as inability to prevent attacks, achieve good detection performance, and prevent deceptive attacks.

Active Publication Date: 2020-09-18
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Since the packets of spoofing attacks conform to the rules of the MQTT protocol, traditional firewalls cannot recognize them, so they cannot prevent such attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A mqtt abnormal traffic detection method based on naive Bayesian
  • A mqtt abnormal traffic detection method based on naive Bayesian
  • A mqtt abnormal traffic detection method based on naive Bayesian

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0030] In order to better illustrate the technical solution of the present invention, the MQTT protocol is briefly described first. figure 1 It is a fixed header structure diagram of the MQTT protocol. Such as figure 1 As shown, the fixed header of the MQTT protocol consists of two bytes (the first byte byte1 and the second byte byte2), where the binary bits 7-4 of the first byte byte1 indicate the control message type, Binary bits 3-0 indicate the flag bits used to specify the type of control message; the second byte byte2 indicates the number of bytes in the remaining part of the current message. The MQTT communication system usually includes a server and multiple clients. The present invention captures data packets between the server and the client, extracts the type of control message and the flag bit of the specified control message type, based on simple shell Yessian classification model to realize MQTT abnormal traffic detection.

[0031] figure 2 It is a specific ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a naive Bayesian-based MQTT abnormal flow detection method. Firstly, several groups of data packets of MQTT normal flow and abnormal flow are captured between the server end and the client end of the MQTT communication system, and each data packet is extracted. The control packet type in the MQTT fixed header in the packet and the flag bit of the specified control packet type constitute a feature vector, and then calculate the parameters of the naive Bayesian classifier. When abnormal traffic detection is required, the server and client The MQTT data packet between the terminals is extracted to extract the feature vector, and the identification value of the data packet belonging to normal traffic and abnormal traffic is calculated according to the parameters of the naive Bayesian classifier, and the type corresponding to the larger value is taken as the detection result. The invention extracts the control message type and the flag bits of the specified control message type in the MQTT fixed header to form a feature vector, uses a naive Bayesian classifier to construct an abnormal traffic detection model, has good detection performance, and can effectively prevent fraudulent attacks.

Description

technical field [0001] The invention belongs to the technical field of Internet of Things information security, and more specifically, relates to a naive Bayesian-based MQTT abnormal traffic detection method. Background technique [0002] MQTT (Message Queuing Telemetry Transport) is an instant messaging protocol developed by IBM and is an important part of today's Internet of Things. The protocol supports all platforms and can connect almost all networked items with the outside world, and is used as a communication protocol for sensors and actuators. The security of the MQTT protocol is very important to the IoT system. [0003] However, MQTT is an open protocol. Its message structure and data format are public. Without sufficient security measures, there are large security risks. Attackers can use data messages that conform to the rules of the MQTT protocol to implement Deceptive attacks, for example, during the transmission of MQTT protocol messages, attackers can use d...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/30H04L69/22H04L69/26
Inventor 郑宏王斌辛晓帅邹见效何建徐红兵
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA