MQTT Trafiğinde DoS Saldırılarının Makine Öğrenmesi ile Sınıflandırılması ve Modelin SHAP ile Yorumlanması
Abstract
MQTT (Message Queuing Telemetry Transport), nesnelerin interneti için tasarlanmış, uygulama katmanında çalışan bir haberleşme protokolüdür. MQTT protokolünde sensörler, verileri sunucu ile paylaşırlar, sunucular konulara abone olan cihazlara bu verileri iletirler. Bu çalışmada, bir MQTT trafiğinden elde edilmiş, içinde saldırı trafiği bulunan ve oldukça yeni bir veri seti olan MQTTset içindeki hizmet reddi saldırıları (DoS) makine öğrenmesi ile sınıflandırılmıştır. Saldırının sınıflandırılmasında 3 farklı makine öğrenmesi algoritmasından faydalanılmıştır. En iyi sınıflandırmayı yapan makine öğrenmesi modeli üzerinde analizler yapılmıştır. Model üzerindeki araştırmalarımızın amacı, büyük boyutlu veriler ve karmaşık ağ paketleri üzerinden anlaşılabilir yorumlar çıkarmaktır. Oluşturulan modelin analizinde SHAP kullanılmıştır. SHAP, hesaplamalarında oyun teorisi yaklaşımını benimsemiştir ve basit anlamda bir oyuncunun oyuna katkısını ölçmektedir. SHAP ile hangi öznitelliklerin ve hangi verilerin hizmet reddi saldırısının sınıflandırılmasına ne yönde etki ettiği araştırılarak, oluşturulan makine öğrenmesi modelinden anlaşılabilir yorumlar çıkarılmıştır.
References
- Chen T., Guestrin C., Xgboost: A scalable tree boosting system, In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining, San Francisco California / USA, August 13-17, 2016, pp: 785-794.
- Feng Z., Xu C., Tao D., Historical Gradient Boosting Machine. GCAI-2018: 4th Global Conference on Artificial Intelligence, Luxembourg City / Luxembourg, September 18-21, 2018.
- Gündoğan C., Kietzmann P., Lenders M., Petersen H., Schmidt T., Wählisch M., NDN, CoAP, and MQTT: a comparative measurement study in the IoT, Proceedings of the 5th ACM Conference on Information-Centric Networking, Boston Massachusetts, September 21-23, 2018, pp: 159-171.
- Hausken K., Mohr M., The Value of a Player in n-Person Games. Social Choice and Welfare 18(3), 465-483, 2001.
- Lundberg S., Lee S., A Unified Approach to Interpreting Model Predictions, In Proceedings of the 31st International Conference on Neural Information Processing Systems (NIPS'17), Long Beach California / USA, December 4-9, 2017, pp: 4768-4777.
- Naik N., Choice of effective messaging protocols for IoT systems: MQTT, CoAP, AMQP and HTTP, 2017 IEEE International Systems Engineering Symposium (ISSE), Vienna / Austria, October 11-13, 2017, pp: 1-7.
- Nebbione G., Calzarossa M. C., Security of IoT Application Layer Protocols: Challenges and Findings. Future Internet 12(3), 55, 2020.
- Özdoğan E., Erdem A., Nesnelerin İnterneti İçin Hibrit Uygulama Katmanı Protokol Tasarımı. Mühendislik Bilimleri ve Tasarım Dergisi 8(1), 285-304, 2020.
- Saritha S., Sarasvathi V., A study on application layer protocols used in IoT, 2017 International Conference on Circuits, Controls, and Communications (CCUBE), Bangalore / India, December 15-16, 2017, pp: 155-159.
- Tantitharanukul N., Osathanunkul K., Hantrakul K., Pramokchon P., Khoenkaw P., MQTT-Topics Management System for sharing of Open Data. 2017 International Conference on Digital Arts, Media and Technology (ICDAMT), Chiang Mai / Thailand, March 1-4, 2017, pp: 62-65.
- Vaccari I., Chiola G., Aiello M., Mongelli M., Cambiaso E., MQTTset, A New Dataset for Machine Learning Techniques on MQTT. Sensors, 20(22), 6578, 2020.
Classification of DoS Attacks in MQTT Network with Machine Learning and Interpretation of The Model with SHAP
Abstract
MQTT (Message Queuing Telemetry Transport) is an application layer communication protocol which designed for the Internet of Things. In the MQTT protocol, the sensors share the data with the server and the servers transmit this data to the devices that subscribe to the topics. In our study, denial-of-service attacks (DoS) in MQTTset, which is a relatively new data set obtained from an MQTT traffic and containing attack traffic, has been classified by machine learning. Three different algorithms of machine learning were used to classify the attack. Analyzes were made on the machine learning model that made the best classification. The purpose of our research on the model is to extract understandable interpretations from large data and complex network packets. SHAP was used in the analysis of the created model. SHAP takes the game theory approach in its calculations and simply measures a player's contribution to the game. By investigating which features and which data affect the classification of denial-of-service attack with SHAP, understandable comments were extracted from the created machine learning model.
References
- Chen T., Guestrin C., Xgboost: A scalable tree boosting system, In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining, San Francisco California / USA, August 13-17, 2016, pp: 785-794.
- Feng Z., Xu C., Tao D., Historical Gradient Boosting Machine. GCAI-2018: 4th Global Conference on Artificial Intelligence, Luxembourg City / Luxembourg, September 18-21, 2018.
- Gündoğan C., Kietzmann P., Lenders M., Petersen H., Schmidt T., Wählisch M., NDN, CoAP, and MQTT: a comparative measurement study in the IoT, Proceedings of the 5th ACM Conference on Information-Centric Networking, Boston Massachusetts, September 21-23, 2018, pp: 159-171.
- Hausken K., Mohr M., The Value of a Player in n-Person Games. Social Choice and Welfare 18(3), 465-483, 2001.
- Lundberg S., Lee S., A Unified Approach to Interpreting Model Predictions, In Proceedings of the 31st International Conference on Neural Information Processing Systems (NIPS'17), Long Beach California / USA, December 4-9, 2017, pp: 4768-4777.
- Naik N., Choice of effective messaging protocols for IoT systems: MQTT, CoAP, AMQP and HTTP, 2017 IEEE International Systems Engineering Symposium (ISSE), Vienna / Austria, October 11-13, 2017, pp: 1-7.
- Nebbione G., Calzarossa M. C., Security of IoT Application Layer Protocols: Challenges and Findings. Future Internet 12(3), 55, 2020.
- Özdoğan E., Erdem A., Nesnelerin İnterneti İçin Hibrit Uygulama Katmanı Protokol Tasarımı. Mühendislik Bilimleri ve Tasarım Dergisi 8(1), 285-304, 2020.
- Saritha S., Sarasvathi V., A study on application layer protocols used in IoT, 2017 International Conference on Circuits, Controls, and Communications (CCUBE), Bangalore / India, December 15-16, 2017, pp: 155-159.
- Tantitharanukul N., Osathanunkul K., Hantrakul K., Pramokchon P., Khoenkaw P., MQTT-Topics Management System for sharing of Open Data. 2017 International Conference on Digital Arts, Media and Technology (ICDAMT), Chiang Mai / Thailand, March 1-4, 2017, pp: 62-65.
- Vaccari I., Chiola G., Aiello M., Mongelli M., Cambiaso E., MQTTset, A New Dataset for Machine Learning Techniques on MQTT. Sensors, 20(22), 6578, 2020.
Details
| Primary Language | Turkish |
|---|---|
| Subjects | Artificial Intelligence |
| Journal Section | Research Articles |
| Authors | |
| Publication Date | June 6, 2022 |
| Submission Date | September 14, 2021 |
| Published in Issue | Year 2022 Volume: 3 Issue: 1 |
