Modelling and evaluation of malicious attacks against the IoT MQTT protocol

Document Type

Conference Proceeding


Institute of Electrical and Electronics Engineers Inc.


Security Research Institute / School of Science


Originally published as:

Firdous, S. N., Baig, Z., Valli, C., & Ibrahim, A. (2017). Modelling and evaluation of malicious attacks against the IoT MQTT protocol. In Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2017 IEEE International Conference on (pp. 748-755). IEEE. doi:10.1109/iThings-GreenCom-CPSCom-SmartData.2017.115

Original article available here.


The Internet of Things (IoT) paradigm is changing the way people live and work in society. Advancements in various information and communication technologies have paved the way for new possibilities and opportunities both in households and industries to build such an Internet of connected devices. However, these devices possess capabilities that enable control from anywhere and at anytime. The exploitation of these capabilities make these devices potential and viable targets for adversaries. Middleware-based IoT application protocols play a crucial role in enabling bidirectional communication and remote control of IoT devices. Among the various IoT application protocols, Message Queuing Telemetry Protocol (MQTT) is being widely adopted. The possible threats in MQTT-based IoT environments need to be identified before applying appropriate countermeasures. In this paper, we present the MQTT threat model and perform an evaluation of the Denial of Service (DoS) attack that targets MQTT brokers.