Novel Feature Extraction Method for Detecting Malicious MQTT Traffic Using Seq2Seq

Owing to their wide application, Internet of Things systems have been the target of malicious attacks. These attacks included DoS, flood, SlowITe, malformed, and brute-force attacks. A dataset that includes these attacks was recently released. However, the attack detection accuracy reported in previous studies has not been satisfactory because the studies used too many features that are not important in detecting malicious message queue telemetry transport (MQTT) traffic. Therefore, this study aims to analyze these attacks. Herein, a novel feature extraction method is proposed that includes the source port index, TCP length, MQTT message type, keep alive, and connection acknowledgment. The attacks were classified using the Seq2Seq model. During the experiment, the accuracy of the proposed method was 99.97%, which is 7.33% higher than that of previously reported methods.