Author Identifier

Alaa Alatram

Date of Award


Document Type

Thesis - ECU Access Only


Edith Cowan University

Degree Name

Master of Computing and Security by Research


School of Science

First Supervisor

Leslie F Sikos

Second Supervisor

Mike Johnstone

Third Supervisor

Patryk Szewczyk

Fourth Supervisor

James Jin Kang


In the domain of the Internet of Things (IoT), the Message Queueing Telemetry Protocol (MQTT) is the most widely used protocol for applications across a wide range of realms, including industrial automation, healthcare, smart homes, and smart cities; MQTT is also used in many other critical real-world applications. An example is BMW’s Car Sharing application, which uses MQTT to provide reliable connectivity. However, due to a lack of security considerations during the design of the MQTT protocol, all the networks implementing it are prone to cyberattacks, such as denial-of-service (DoS) attacks. While the research community has a primary focus on MQTT vulnerabilities from the perspective of intrusion detection, digital forensic considerations of the protocol have yet to be addressed. This work attempts to address this issue, specifically by generating a novel dataset based on data captured from a testbed in an IoT setting, and by applying optimised Machine Learning (ML) algorithms to differentiate between cyberattacks and benign network traffic. The philosophical assumptions guiding the conduct of this research are Positivist Paradigm, Quantitative Methodology, Experimental Research Mode, and Quasi-Experimental as a Sub-category. As a result of the IoT testbed construction, a substantial quantity of IoT data was produced, including standard MQTT data and ten different DoS and DDoS attack scenarios. In addition, a network forensic analysis of the collected data shows specific information that can be extracted and the differences between attacks and normal data. Also, eight different ML algorithms were compared, resulting in the suggestion of Random Forest (RF), XGBoost, and Artificial Neural Network (ANN) for use in the proposed framework. Gray Wolf Optimiser (GWO) was selected to combine RF and ANN in a core component of the framework. It has been demonstrated that RF with GWO and ANN with GWO can optimise results.
The output of this research can have a potential impact on the implementations of MQTT-powered networks globally, thereby improving the security of modern networks that use this protocol.