一种基于随机森林算法的MQTT异常流量检测方法

工业物联网系统所面临的网络安全威胁随着物联网技术的广泛应用日益增加，信息安全问题已成为其发展过程中的一大挑战。MQTT（Message Queuing Telemetry Transport）协议是物联网通信的主流协议，基于该协议的物联网通信安全研究是当前研究的热点话题。传统的流量识别技术如深度包检测无法有效地识别符合包格式的异常流量，而基于机器学习理论的异常流量识别技术则表现出很好的效果。对此提出一种基于随机森林算法的MQTT异常流量检测方法，实现整体高于90%的MQTT异常流量识别准确度，与其他常用分类模型相比拥有更好的识别效果。

A MQTT Abnormal Traffic Detection Method Based on Random Forest Algorithm

With the wide application of Internet of things technology, the industrial Internet of things system suffers from increasing network security threats, and information security becomes a major challenge in its development. The MQTT (Message Queuing Telemetry Transport) protocol is the mainstream protocol for Internet of things communication. The research on communication security of Internet of things based on the protocol is a hot topic at present. In order to ensure the communication security of restricted devices in the Internet of things, this paper focuses on the abnormal detection of MQTT traffic. Traditional traffic identification technology such as deep packet inspection cant effectively identify abnormal traffic conforming to packet format, and abnormal traffic identification technology based on machine learning theory shows very good effect. For this, a MQTT abnormal traffic detection method based on random forest algorithm is proposed, which achieves an overall accuracy of more than 90% and gets better recognition effect than other common classification models.