A hybrid intrusion detection approach based on message queuing telemetry transport (MQTT) protocol in industrial internet of things

The number of attacks against Industrial Internet of Things (IIoT) devices has increased over the past years, particularly on widely used communication protocols like Message Queuing Telemetry Transfer (MQTT). The fast increase in IIoT applications brings both critical challenges and technical gaps in cybersecurity. On the other hand, traditional cyber-attack detection approaches scrap to address and support the run-time responsibilities of IIoT environments. This study presents a hybrid Genetic Algorithm and Random Forest (GA_RF) method for detecting cyber-attacks in Industrial Control Machines (ICS) that use MQTT protocol in the IIoT environment. This architecture integrates ICS with edge devices and cloud servers, using a GA_RF algorithm to detect anomalies in data collected by sensors. Normal data is processed locally and then sent to the cloud for storage and return, ensuring continuous monitoring and security. Also, the MQTT-IOT-IDS2020 dataset as a real test case was applied for prediction of the proposed GA_RF method with compare to some other powerful machine and deep learning models. The experimental results show that the proposed GA_RF method has an optimum accuracy of 99.87%–100% for detecting cyber-attacks. This hybrid algorithm also achieved 0–0.0015 in Mean Absolute Error (MAE) and 100% in Precision, Recall, and F-score factors. This result led to the proposed architecture, which connects the ICS to a server while running GA_RF on the IIoT environment. In conclusion, this study indicates the effectiveness of GA_RF and aims to improve security by using the MQTT protocol in IIoT.