DDoS attack detection and classification for the MQTT-IoT protocol using LSTM models

The Message Queue Telemetry Transport (MQTT) protocol serves as a vital publishsubscribe messaging standard, enabling seamless communication across critical Internet of Things (IoT) infrastructures. However, the widespread adoption of MQTT has heightened vulnerability to cybersecurity threats, notably to Distributed Denial of Service (DDoS) attacks. These attacks overwhelm MQTT brokers with malicious traffic, leading to service disruptions. In this study, we developed a deep learning model to detect DDoS attacks within MQTT-IoT networks, comparing several candidate architectures: Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), and Multi-Layer Perceptron (MLP). Model evaluation utilized a publicly available, real-world MQTT dataset containing both DDoS attacks and normal traffic. The experiment result illustrated that our proposed LSTM attained 99.53\% F1-score, outperforming the best models from the literature. This aligns with the observation that MQTT-based attacks are primarily sequential anomalies, where the spatial structure has a lower importance, and where the LSTM can take advantage of its ability to model temporal attack signatures.