Detection of Bruteforce Attacks on the MQTT Protocol Using Random Forest Algorithm

Abstract

Bruteforce is a hacking technique that launches an attack by guessing the username and password of the system that is the target of the attack. The Bruteforce attack on the MQTT protocol is an attack that often occurs on the IoT, so it is necessary to detect attacks on the MQTT protocol to find out normal traffic and brute force traffic. Random Forest was chosen because this method can classify a lot of data in a relatively short time, and the results from Random Forest can improve accuracy and prevent overfitting in the data classification process. This study uses two types of data: primary data from the hacking environment lab and secondary data from the IEEE Data Port MQTT-IOT-IDS2020 dataset. Trials on primary data and the results obtained are accuracy of 99.55%, precision of 100%, recall of 99.54%, and f-measure of 99.77%, the duration needed to get these results with 1796 data lines, i.e., for 0 seconds. As for the secondary data, the researcher obtained an accuracy of 99.77%, a precision of 100%, a recall of 99.43%, and an f-measure of 98.71%, the duration required to obtain these results with 85002 data lines, i.e., for 62 seconds.