ARTEMIS: An intrusion detection system for mqtt attacks in internet of things

Ciklabakkal E., DÖNMEZ A., Erdemir M., Suren E., YILMAZ M. T. , ANGIN P.

38th IEEE International Symposium on Reliable Distributed Systems, SRDS 2019, Lyon, France, 1 - 04 October 2019, pp.369-371 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume:
  • Doi Number: 10.1109/srds47363.2019.00053
  • City: Lyon
  • Country: France
  • Page Numbers: pp.369-371
  • Keywords: IoT, Intrusion Detection, MQTT
  • Middle East Technical University Affiliated: Yes


The Internet of Things (IoT) is now being used increasingly in transportation, healthcare, agriculture, smart home and city systems. IoT devices, the number of which is expected to reach 25 billion all over the world by 2021, are required to be deployed very fast, taking into account commercial pressures. This results in a very important layer, i.e. security, being either completely neglected or having significant shortcomings. Since IoT has a heterogeneous structure, there is a need for intrusion detection systems (IDSs) that take into account the specifics of an IoT system architecture, including the computing power limitations, variety of protocols and prevalence of zero-day attacks. In this paper, we describe ARTEMIS, an IDS for IoT, which processes data from IoT devices using machine learning to detect deviations from the normal behavior of the system and generates alerts in case of anomalies. We have implemented a prototype of the system using IoT devices subscribed to topics at an MQTT broker and provide experimental evaluation of the system under MQTT-related attacks.