Enhancing MQTT Intrusion Detection in IoT Using Machine Learning and Feature Engineering

  • Iwan Handoyo Putro
  • Tohari Ahmad*
  • Royyana Muslim Ijtihadie
  • *Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Adoption of the Internet of Things (IoT) has accelerated and broadened, creating an extensive range of security issues, particularly in resource-constrained IoT protocols such as Message Queuing Telemetry Transport (MQTT). Because MQTT was designed as a lightweight protocol with limited security, it is vulnerable to various types of attacks. Although studies on securing the IoT have grown substantially and reached a degree of maturity in several areas, studies that use machine learning (ML) and feature engineering (FE) to identify and classify threats on MQTT-based networks remain limited. This work proposes the use of ML and FE approaches to improve the performance of MQTT-based intrusion detection systems (IDS). We assessed seven machine learning models to detect and classify network traffic anomalies: Stochastic Gradient Descent (SGD), Logistic Regression (LR), Random Forests (RF), Decision Tree (DT), Naïve Bayes (NB), k-Nearest Neighbors (k-NN), and XGBoost. Our proposed framework is built on the Euclidean distance method to generate new features, and it outperforms existing models. After applying the proposed framework, the k-NN model achieves an accuracy of 98.90% and maintains well-balanced, high performance in precision (99.11%), recall (99.66%), and F-1 score (99.39%). For false positive rate (FPR), the DT model shows the largest improvement, from 63.98% to 11.79%. The DT model also demonstrates a significant improvement in specificity, increasing from 39.02% to 97.03%. The results of this study emphasize the necessity of embedding ML-based security mechanisms into MQTT networks to mitigate emerging cyber threats and enhance the overall security framework.

Original language: English
Pages (from-to): 7855-7884
Number of pages: 30
Journal: IEEE Open Journal of the Communications Society
Volume: 6
Publication status: Published - 2025

Keywords

  • Internet of Things
  • MQTT
  • feature engineering
  • intrusion detection system
  • machine learning
  • network security
