This audio was created by Woord's Text to Speech service by content creators from all around the world.
Hi. We are from team 2. Our team consists of Sneha, Dominic, Yen Ning, Zhao Xiang and Chandran. We will be presenting our ITP project on Real Time MQTT Notification for IoT Attack Detection.

The motivation for this project is the Building Management System, or BMS for short, which is currently being researched and is in the process of being implemented to centrally manage access control devices, mainly over the MQTT protocol. The problem with the current system is that some devices do not support secure, encrypted MQTT, which exposes sensitive information such as MQTT authentication credentials or control messages in plaintext. This opens the door to attacks such as unauthorised control of devices using sniffed plaintext credentials.

The objective of this project is to develop a proof-of-concept system that detects potential cyberattacks carried out via the MQTT protocol or Home Assistant, and then alerts users by publishing real-time notifications. This system has been integrated into an IoT orchestration platform to centrally monitor and manage various endpoints.

For the project flow, we took a 4-phased approach: 1. the project plan phase, 2. the research phase, 3. the development phase and lastly, 4. the testing phase. These 4 phases greatly aided the brainstorming and development of this project.

This is a representation of the system architecture, which shows how the frontend and backend work together on the process from attack detection to the publishing of notifications. The architecture consists of an MQTT broker, an attack sensor, a database for storing notification details, and the web frontend and backend. Packets sent to the MQTT broker are first analysed, and an incident is triggered when a rule violation is detected. The incident is then published to the MQTT broker, and the broker publishes the notification to the backend. The backend pushes this real-time notification to the frontend, where it is seen by the subscriber. The backend then saves the received payload to the database for persistent storage.

A key feature of the POC system is the rule-based detection system, where users can create custom rulesets defining what constitutes a threat or cyberattack in their own network setup. This allows for better flexibility as well as adaptability as such threats evolve in the future. As part of this project, we devised a set of baseline rules to detect TCP SYN floods, MQTT authentication brute force, interaction with the MQTT broker by an unauthorised party, and excessive message publish activity that could signify a spam or message flood attack. These baselines serve as a starting point, and their detection thresholds can be modified for finer tuning.

The second feature of the POC system is data visualization. It provides a graphical representation of the trends in MQTT notification alerts. The data visualization displays graphs such as dot graphs, line graphs and bar graphs, detailing information such as attackers' IP addresses and attack times. This information allows users to spot any surge in attacks or other anomalies, which they can quickly act upon in real time.

As this is a POC system, there may be some improvements to this proposed system. One improvement is to include other network protocols that can be used in BMS and are supported by Scapy, to increase attack detection coverage. A second improvement is an added remote monitoring feature that integrates log-based monitoring with the network detection sensor. Log-based monitoring would essentially be monitoring based on the broker's logs.

Lastly, the tools and technologies used to develop the system are Node.js, Python, Raspberry Pi and Home Assistant. With that, we have come to the end of our presentation. Thank you for your time and attention. Have a good day.
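The rule-based sensor and the incident-publishing step described above, as an added illustration that is not the team's code: a small threshold-over-sliding-window rule engine with the four baseline rules named in the presentation (TCP SYN flood, MQTT authentication brute force, unauthorised MQTT client, publish flood). The events are constructed dicts standing in for packets a Scapy-based sensor would parse; the thresholds, window sizes, the allowlist of known clients, the incident topic `bms/security/incidents` and the `publish` callback are all assumptions, and the callback is where a real sensor would hand the incident to an MQTT client.

```python
"""Rule-based MQTT/IoT attack sensor over a constructed event stream (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
import json


@dataclass
class Rule:
    name: str        # incident name published when the rule fires
    event_type: str  # which kind of parsed event this rule counts
    threshold: int   # number of events inside the window that triggers an incident
    window: float    # sliding window length in seconds
    key: str = "src_ip"  # event field the counter is grouped by


# Assumed baseline thresholds; the presentation says these are meant to be tuned.
DEFAULT_RULES = [
    Rule("tcp_syn_flood", "tcp_syn", threshold=20, window=1.0),
    Rule("mqtt_auth_brute_force", "mqtt_connack_refused", threshold=5, window=60.0),
    Rule("mqtt_publish_flood", "mqtt_publish", threshold=50, window=10.0),
]
INCIDENT_TOPIC = "bms/security/incidents"  # assumed topic name


class Detector:
    def __init__(self, rules, allowlist, publish):
        self.rules = rules
        self.allowlist = set(allowlist)      # known MQTT clients (assumed static list)
        self.publish = publish               # callable(topic, payload) -> hands incidents to the broker
        self._windows = defaultdict(deque)   # (rule name, group key) -> event timestamps in window
        self._flagged_unauthorised = set()   # raise the unauthorised-client incident once per source

    @staticmethod
    def _incident(rule_name, event, count):
        return {"rule": rule_name, "src_ip": event["src_ip"], "count": count, "ts": event["ts"]}

    def handle(self, event):
        """Apply every rule to one event; return (and publish) any incidents raised."""
        incidents = []
        # Stateless rule: any MQTT traffic from a source that is not a known client.
        if event["type"].startswith("mqtt_") and event["src_ip"] not in self.allowlist:
            if event["src_ip"] not in self._flagged_unauthorised:
                self._flagged_unauthorised.add(event["src_ip"])
                incidents.append(self._incident("unauthorised_mqtt_client", event, 1))
        # Threshold rules: count matching events per source inside a sliding window.
        for rule in self.rules:
            if event["type"] != rule.event_type:
                continue
            q = self._windows[(rule.name, event[rule.key])]
            q.append(event["ts"])
            while q and event["ts"] - q[0] > rule.window:
                q.popleft()  # drop timestamps that fell out of the window
            if len(q) >= rule.threshold:
                incidents.append(self._incident(rule.name, event, len(q)))
                q.clear()  # one burst raises one incident, not one per extra packet
        for inc in incidents:
            self.publish(INCIDENT_TOPIC, json.dumps(inc))
        return incidents


def run_demo():
    """Feed constructed events through the detector; returns (incidents, published messages)."""
    published = []
    det = Detector(DEFAULT_RULES, allowlist={"10.0.0.10", "10.0.0.50"},
                   publish=lambda topic, payload: published.append((topic, payload)))
    events = []
    # Constructed: 25 SYNs in half a second from one host -> SYN flood rule.
    events += [{"type": "tcp_syn", "src_ip": "10.0.0.99", "ts": 100.0 + i * 0.02} for i in range(25)]
    # Constructed: 6 refused CONNACKs for a known client over 30 s -> brute-force rule.
    events += [{"type": "mqtt_connack_refused", "src_ip": "10.0.0.50", "ts": 200.0 + i * 5} for i in range(6)]
    # Constructed: one PUBLISH from a host not on the allowlist -> unauthorised-client rule.
    events.append({"type": "mqtt_publish", "src_ip": "10.0.0.77", "ts": 300.0})
    # Constructed: ten publishes from a known client, well under the flood threshold -> no incident.
    events += [{"type": "mqtt_publish", "src_ip": "10.0.0.10", "ts": 400.0 + i} for i in range(10)]
    incidents = []
    for ev in events:
        incidents += det.handle(ev)
    return incidents, published


if __name__ == "__main__":
    for inc in run_demo()[0]:
        print(inc)
```

Clearing the window after a rule fires is the design choice worth noting: without it, every further packet in a flood would raise another incident and the notification feed the frontend subscribes to would itself become a flood.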