Signature-Based Security Analysis and Detection of IoT Threats in Advanced Message Queuing Protocol
Abstract
:1. Introduction
- Distributed Denial of Service (DDoS): Overwhelming a system with traffic from compromised devices, causing service disruptions (e.g., CVE-2021-22116) [2].
- Man-in-the-Middle (MitM): Intercepting communications between devices to eavesdrop or manipulate data (e.g., CVE-2019-3845, CVE-2018-11087) [3].
- Brute Force: Systematic attempts to guess login credentials, leading to unauthorized access (e.g., CVE-2023-24448) [4].
- Limited Focus on AMQP-Specific Threats: Existing research predominantly addresses broader IoT security challenges, with insufficient emphasis on the unique vulnerabilities of AMQP [5].
- Theoretical Models Over Practical Scenarios: Many studies rely on analytical approaches, failing to account for the complexity of real-world IoT environments [5].
- Inadequate Cross-Protocol Considerations: Research often isolates protocols, ignoring interactions between AMQP and other IoT protocols that could introduce new vulnerabilities [8].
- Developing a Controlled Testbed: A simulated IoT environment is created to reproduce AMQP-specific attacks, including DDoS, MitM, and brute force scenarios.
- Designing a Statistical Model: A robust model is developed to identify and validate unique attack signatures within the AMQP protocol [5].
- Evaluating Real-World Impact: The variations and impacts of attacks on IoT systems are analyzed, providing actionable insights for improving AMQP security [9].
2. Research Gaps and Challenges
- Lack of Experimental Validation: None of the studies developed lab-based experiments or datasets to validate their findings.
- Absence of Protocol-Specific Focus: Few studies specifically address AMQP vulnerabilities or analyze attacks within the context of individual protocols.
- Theoretical Approaches: Much of the research is based on literature reviews and lacks practical implementation or novel dataset creation to enhance its applicability.
3. Literature Review
3.1. Protocol Overview
- MQTT (Message Queuing Telemetry Transport): A lightweight publish–subscribe protocol optimized for constrained environments with low bandwidth, high latency, and limited resources [16].
3.2. Vulnerabilities
- Broker Overload: AMQP’s reliance on brokers introduces risks such as exhaustion of resources during Distributed Denial-of-Service (DDoS) attacks [5].
- Replay Attacks: AMQP’s session-oriented nature is susceptible to packet replay, where attackers resend captured packets to disrupt communication [10].
- Queue Manipulation: Attackers may exploit unsecured queues to reroute, drop, or duplicate messages, compromising data integrity [11].
- Man-in-the-Middle (MitM) Attacks: Without robust encryption, AMQP is vulnerable to MitM attacks, allowing adversaries to intercept and alter messages [14].
3.3. Security Measures for AMQP
- Replay Protection: Implementing message sequencing or unique identifiers to detect and discard replayed packets [10].
- Broker Hardening: Rate-limiting, load balancing, and resource allocation to prevent broker exhaustion during DDoS attacks [5].
- Encrypted Queues: Using TLS for secure message queuing and routing, ensuring end-to-end confidentiality [7].
- Access Controls: Role-based access control (RBAC) for restricting unauthorized queue access.
- Enhanced Authentication: Adopting mutual TLS or token-based mechanisms to prevent impersonation [9].
- Activity Monitoring: Real-time monitoring of message queues to detect anomalies indicative of manipulation [8].
4. Overview of AMQP in IoT Systems
- Producers: Entities that generate and send messages.
- Consumers: Entities that receive and process messages.
- Message Queues: Temporarily store messages until they are retrieved by consumers.
- Exchanges: Route messages to appropriate queues based on predefined rules.
Analysis of AMQP Normal Traffic
5. Attack Description and Explanation
5.1. Experiment Setup
- Hardware Configuration:
- –
- The primary lab machine is a Dell XPS Windows 11 laptop with 1 TB SSD, an Intel Core i5-11270U processor, 16 GB of RAM, and a 4 GB NVIDIA RTX GPU.
- –
- Virtual machines (VMs) are managed using VirtualBox. An Ubuntu-based VM serves as the AMQP server, with 4 GB of RAM, 20 GB of storage, and 2 CPU cores.
- –
- Each IoT device is simulated using a VM allocated 2 GB of RAM, 15 GB of storage, and 1 CPU core.
- –
- Two attacker computers are configured with 4 CPU cores, 8 GB of RAM, and 80 GB of storage for launching attacks.
- Network Configuration
- –
- The virtual machines reside in a private network configured within VirtualBox’s internal networking mode to ensure isolated, controlled traffic flow.
- –
- The AMQP broker (RabbitMQ server) is assigned a fixed private IP (e.g., 192.168.180.230), with all IoT devices and attacker nodes connected through a virtual LAN (vLAN).
- –
- Packet capture and analysis were performed using Wireshark and tcpdump within the virtualized network.
- Platform for Simulating AttacksThe attack modeling and execution were performed within a controlled VirtualBox-based network, ensuring traffic flows accurately reflect AMQP-specific attack scenarios. The Ettercap tool was employed for MiTM attacks, while Hping3 and BruteMQ were used for DoS and brute force attacks, respectively.
5.2. Explanation of DoS Attack
- -d: Data size (in bytes).
- -p: Target port number.
- -S: SYN flag.
- –flood: Continuous packet sending.
- 192.168.180.230: Target IP address.
5.2.1. Experiment Results and Analysis
Experiment 1: SYN Flood Attack
- TCP Length: Typically zero during malicious SYN packets.
- Sequence and Acknowledgment Numbers: Randomized and manipulated to bypass detection.
- Window Size: The attacker uses a fixed size of 512, while the server defaults to 64240 due to its inability to detect the attack.
Experiment 2: Malicious Data in SYN Packets
Experiment 3: Larger Malicious Data Payloads
5.2.2. Traits and Signature of DoS Attacks
- TCP Flag Analysis: The model evaluates TCP flags such as SYN, ACK, and RST, which are critical in identifying connection-based anomalies. For instance, a high frequency of SYN packets without corresponding ACK responses is indicative of SYN flood attacks.
- Packet Frequency Monitoring: By observing the rate of incoming packets over a specific time window, the model detects sudden spikes in traffic volume, characteristic of volumetric DoS attacks.
- Sequence Number Irregularities: The statistical model monitors the continuity of sequence numbers in packet flows. Disruptions or repeated numbers often indicate replay attacks or DoS activities attempting to disrupt normal communication.
- Payload Size Analysis: The model detects anomalous traffic patterns by examining payload sizes. Abrupt changes in payload size, especially a large number of packets with empty payloads, are often linked to malicious traffic.
5.3. Explanation of Man-in-the-Middle (MiTM)
- -T: Enables text mode.
- -M arp: Specifies ARP poisoning as the attack method.
- /192.168.180.1/ /192.168.180.10/: Defines the IP addresses of the target and victim machines.
- Severity Warnings: Two instances of warnings related to potential IP address duplication were detected.
- Packet Length: The tcp.len parameter consistently measured 60 bytes across all traces.
- MAC Address Size: Both the attacker and victim systems maintained a hardware size of 6 bytes.
- Protocol Size: Remained uniformly at 4 bytes throughout all tests.
5.3.1. Analysis
- The binding IP and MAC addresses are identified as spoofed once a response is received.
- If no response is obtained, the packet is considered dropped.
- The syslog indicates warnings from the network manager regarding IP conflicts during the attack, further confirming malicious activity.
5.3.2. Traits and Signature
- Severity Warnings: Triggered by ARP protocol warnings due to duplicate IP and MAC addresses.
- Echo Requests and Replies: Used by the attacker to establish communication and monitor responses.
- Frame Length: Consistently measured at 60 bytes.
- Syslog Messages: Alerts about changes to AMQP IP address states.
5.4. Explanation of AMQP Brute Force Attack
- -d: Specifies the password list file.
- -u: Indicates the username (e.g., admin).
- -e: Specifies the target host and port.
- -t: Sets the timeout for the attack.
5.4.1. Brute Force Attack Signature
5.4.2. Analysis
- tcp.dstport=5672.
- tcp.len=0.
- seq.number=509.
- nxtseq.number=509.
- window.size=508.
- tcp.flag=0x014 in RST/ACK packets.
5.4.3. Traits and Signature
- TCP Destination Port (tcp.dstport=5672): Critical for AMQP protocol connections.
- TCP Length (tcp.len=0): Indicates no data in the packet payload.
- Sequence and Next Sequence Numbers (seq.num=509, nxtseq.num=509): Tracks packet order.
- Window Size (window.size=508): Reflects the data transmission capacity for the RST/ACK packet.
- TCP Flags (tcp.flag=0x014): Used to reset connections during repeated failed attempts.
5.4.4. Abnormal Traffic Features of AMQP Brute Force Attack
6. Analysis and Validation of Statistical Model for AMQP IoT Attack Detection
- Normal Traffic: Data packets representing typical, unaltered communication between IoT devices and the AMQP server.
- Malicious Traffic: Packets exhibiting abnormal behavior or unauthorized activities indicative of potential security threats.
- Attack Traffic: Packets directly associated with known attack patterns, such as DoS, MiTM, or brute force attacks.
- Benign Dataset: Contains only normal traffic to evaluate false positive rates.
- Malicious Dataset: Comprises known malicious and attack traffic for accuracy testing.
- Mixed Dataset: Includes both normal and malicious traffic to simulate real-world scenarios and measure overall detection performance.
- Blue: Represents normal traffic.
- Gray: Indicates malicious traffic.
- Red: Denotes attack traffic.
6.1. Feature Selection and Weighting
- TCP Flags: They indicate communication behaviors, such as connection initiation or termination, which are critical in identifying patterns related to DoS or MiTM attacks.
- Sequence Numbers: These help track packet flow, enabling the detection of anomalies like replay attacks or out-of-sequence packets.
- Payload Lengths: Variations in payload size can signal unusual traffic behaviors, often associated with brute force or protocol abuse.
- Packet Sizes: They serve as indicators of traffic irregularities, especially in cases of data exfiltration or malicious payload delivery.
Signature Definition and Extraction
- Feature-Based Quantification: Each signature is represented by a combination of features such as TCP flags, sequence numbers, payload lengths, and packet sizes. For instance, an SYN flood attack is characterized by a high frequency of SYN packets without corresponding ACK responses, while irregular sequence numbers may indicate replay attacks.
- Threshold Establishment: Statistical thresholds are set for each feature by analyzing normal traffic baselines. Any deviation beyond these thresholds is flagged as anomalous. For example, a spike in packet frequency or an unusual payload size may trigger an alert.
- Traffic Profiling: Traffic flows are monitored over time to identify repetitive patterns or behaviors indicative of malicious activity. These profiles form the foundation of the signature database.
- Empirical Validation: Known attack datasets and testbed simulations (e.g., using tools like hping3) are analyzed to identify consistent patterns that reliably distinguish malicious traffic from normal behavior. These findings are used to refine and validate the signature extraction process.
6.2. Detecting the DoS Attack
6.2.1. Detection Results for Normal and Malicious Datasets in DoS Attacks
- A total of 27.28% of the traces were identified as normal traffic.
- A total of 71.50% of the traces were classified as malicious traffic.
- A total of 1.22% of the traces were recognized as RST DoS packets.
6.2.2. Detection Results for Normal Dataset in AMQP Traffic Packets
- A 100% detection rate for normal traces.
- A 0% detection rate for malicious and RST traces.
6.2.3. Detection Results for Malicious Dataset in DoS Packets
- A total of 98.76% of the packets were classified as malicious traffic.
- A total of 1.13% of the packets were identified as RST DoS packets.
- A total of 0.10% of the packets were classified as normal traffic.
6.3. Detecting the MiTM Attack
6.3.1. Detection Results for Normal and Malicious Datasets in MiTM Attacks
- A total of 99.95% of packets were classified as normal.
- A total of 0.02% of packets were identified as malicious.
- A total of 0.04% of packets were recognized as duplicate IP address MiTM packets.
6.3.2. Detection Results for Normal Dataset in AMQP Traffic Packets
- Overall, 100% of normal packets were correctly identified.
- No MiTM attack or malicious packets were detected.
6.3.3. Detection Results for Malicious Dataset in MiTM Packets
- A total of 63.54% of packets were identified as malicious.
- A total of 30.21% of these malicious packets were associated with MiTM attacks.
- A total of 6.25% of packets were classified as normal traffic.
6.4. Detecting the Brute Force Attack
6.4.1. Detection Results for Normal and Malicious Datasets in Brute Force Attacks
- A total of 95.77% of the packets were classified as normal traffic.
- A total of 3.83% of the packets were identified as malicious traffic.
- A total of 0.40% of the packets were classified as AMQP RST/ACK brute force attack packets.
6.4.2. Detection Results for Normal Dataset in AMQP Traffic Packets
- A 100% detection rate for normal packets.
- A 0% detection rate for malicious and brute force attack packets.
6.4.3. Detection Results for Malicious Dataset in Brute Force Packets
- A total of 90.42% of the packets were classified as malicious traffic.
- A total of 9.56% of the packets were identified as brute force attack packets.
- A total of 0.02% of the packets were classified as normal traffic.
6.5. Summary of the Statistical Model Performance
6.5.1. Detection Accuracy Across Attack Scenarios
- DoS Attacks:
- –
- Detection Rate:
- *
- A total of 71.50% of packets were classified as malicious.
- *
- A total of 1.22% of packets were correctly identified as RST DoS-specific packets.
- –
- False Negatives: 27.28% of malicious traffic misclassified as normal packets, highlighting areas for refinement in recognizing subtle attack traces.
- MiTM Attacks:
- –
- Detection Rate:
- *
- A total of 0.04% of packets were accurately classified as duplicate IP MiTM traffic.
- *
- A total of 0.02% were categorized as general malicious traffic.
- –
- False Positives: Minimal, with 99.95% of normal traffic correctly classified, indicating strong reliability in non-attack scenarios.
- Brute Force Attacks:
- –
- Detection Rate:
- *
- A total of 3.83% of packets were identified as malicious.
- *
- A total of 0.40% were recognized as RST/ACK brute force packets.
- –
- False Positives: Negligible, with 95.77% of normal traffic classified correctly, although attack detection rates suggest opportunities to enhance granularity.
6.5.2. Performance on Normal Traffic Datasets
6.5.3. Performance on Malicious Traffic Datasets
- MiTM attacks: 63.54% of malicious packets were detected, with 30.21% accurately linked to MiTM signatures.
- Brute force attacks: 90.42% of malicious packets were detected, with 9.56% specifically associated with brute force signatures.
- False negatives: A small portion of malicious packets in each scenario was misclassified as normal traffic, suggesting scope for refinement in edge cases.
6.5.4. Insights and Areas for Improvement
- Advanced Metrics (Precision, Recall, AUC, Confusion Matrices): While incorporating advanced evaluation metrics would provide a more detailed assessment of model performance, this study prioritized practical detection measures—specifically detection accuracy and false positive/negative rates—to validate the feasibility of AMQP-based intrusion detection. Including additional metrics would have required expanded dataset validation and computational adjustments. However, our ongoing ML/DL research will inherently incorporate these advanced evaluation methods to ensure more robust performance assessment.
- Time-Series Analysis for Attack Evolution Detection: This study focused on static and event-based attack patterns, which are the most common in AMQP environments. While time-series analysis would provide deeper insights into evolving attack behaviors, it requires specialized modeling techniques, significantly larger datasets, and increased computational resources. Implementing time-series-based detection would have expanded the project’s scope beyond its primary objectives. However, our next research phase will employ Recurrent Neural Networks (RNNs) and Long Short-Term Memory (LSTM) models to analyze long-term AMQP attack patterns, addressing this gap.
- Detection of Subtle Attack Patterns (e.g., Misclassified DoS Traces): The current model is designed to detect major attack categories in AMQP-based IoT networks. Identifying subtle attack patterns, such as low-rate DoS attacks misclassified as normal traffic, requires adaptive thresholding and more sophisticated anomaly detection methods. These refinements were excluded to maintain the study’s focus on validating AMQP security at a fundamental level. However, our ongoing research explores deep learning-based anomaly detection techniques, such as autoencoders and Generative Adversarial Networks (GANs), to improve detection of stealthy, low-profile attacks.
- Granular Malicious Packet Classification for Brute Force and MitM Attacks: Improving the granularity of malicious packet classification requires more refined feature extraction and deep multi-label classification approaches. While the current study prioritizes broader attack categorization, our ongoing research is incorporating Convolutional Neural Networks (CNNs) and Transformer-based models to automatically extract deeper network features, enabling more precise attack classification. These enhancements were not included in this study due to dataset limitations and the need for additional training data, which are currently being curated.
6.5.5. Practical Implications
- Reliable differentiation between normal and malicious traffic.
- Effective detection of distinct attack signatures, supporting targeted threat mitigation.
- Robust performance across varied traffic scenarios, providing flexibility for deployment in dynamic IoT environments.
7. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Advanced Message Queuing Protocol (AMQP)—Complex Security. Available online: https://knowledge.complexsecurity.io/protocols/amqp/ (accessed on 1 January 2025).
- National Vulnerability Database. CVE-2021-22116: RabbitMQ AMQP Server Denial-of-Service Vulnerability. Available online: https://nvd.nist.gov/vuln/detail/CVE-2021-22116 (accessed on 1 January 2025).
- National Vulnerability Database. CVE-2018-11087: RabbitMQ AMQP Client Man-in-the-Middle (MitM) Vulnerability. Available online: https://nvd.nist.gov/vuln/detail/CVE-2018-11087 (accessed on 1 January 2025).
- BruteMQ: An Exotic Service Bruteforce Tool. Available online: https://github.com/codexlynx/brutemq (accessed on 1 January 2025).
- Alaiz-Moreton, H.; Aveleira-Mata, J.; Ondicol-Garcia, J.; Munoz-Castaneda, A.; Garcia, I.; Benavides, C. Multiclass classification procedure for detecting attacks on MQTT-IoT protocol. arXiv 2019, arXiv:2402.03270. [Google Scholar] [CrossRef]
- Amouri, A.; Alaparthy, V.; Morgera, S. A machine learning based intrusion detection system for mobile Internet of Things. Sensors 2020, 20, 461. [Google Scholar] [CrossRef] [PubMed]
- Haripriya, A.; Kulothungan, K. Secure-MQTT: An efficient fuzzy logic-based approach to detect DoS attacks in MQTT protocols for the Internet of Things. EURASIP J. Wirel. Commun. Netw. 2019, 2019, 90. [Google Scholar] [CrossRef]
- Liu, J.; Kantarci, B.; Adams, C. Machine learning-driven intrusion detection for Contiki-NG-based IoT networks exposed to the NSL-KDD dataset. In Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning, Linz, Austria, 3 July 2020; pp. 25–30. [Google Scholar]
- Chaabouni, N.; Mosbah, M.; Zemmari, A.; Sauvignac, C.; Faruki, P. Network intrusion detection for IoT security based on learning techniques. IEEE Commun. Surv. Tutor. 2019, 21, 2671–2701. [Google Scholar] [CrossRef]
- McAteer, I.; Malik, M.; Baig, Z.; Hannay, P. Security vulnerabilities and cyber threat analysis of the AMQP protocol for the internet of things. In Proceedings of the 15th Australian Information Security Management Conference, Perth, Australia, 5–6 December 2017. [Google Scholar]
- Gerodimos, A.; Maglaras, L.; Ferrag, M.; Ayres, N.; Kantzavelou, I. IoT: Communication protocols and security threats. Internet Things Cyber-Phys. Syst. 2023, 3, 1–13. [Google Scholar] [CrossRef]
- Swamy, S.; Jadhav, D.; Kulkarni, N. Security threats in the application layer in IOT applications. In Proceedings of the 2017 International Conference On I-SMAC (IoT in Social, Mobile, Analytics And Cloud) (i-SMAC), Palladam, Tamil Nadu, India, 10–11 February 2017; pp. 477–480. [Google Scholar]
- Özalp, A.; Albayrak, Z.; Çakmak, M.; ÖzdoĞan, E. Layer-based examination of cyber-attacks in IoT. In Proceedings of the 2022 International Congress On Human-Computer Interaction, Optimization and Robotic Applications (HORA), Ankara, Turkey, 9–11 June 2022; pp. 1–10. [Google Scholar]
- Masoodi, F.; Alam, S.; Siddiqui, S. Security & privacy threats, attacks, and countermeasures in the Internet of Things. Int. J. Netw. Secur. Appl. 2019, 11, 1–19. [Google Scholar]
- Nebbione, G.; Calzarossa, M. Security of IoT application layer protocols: Challenges and findings. Future Internet 2020, 12, 55. [Google Scholar] [CrossRef]
- Andy, S.; Rahardjo, B.; Hanindhito, B. Attack scenarios and security analysis of MQTT communication protocol in IoT systems. In Proceedings of the 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), Yogyakarta, Indonesia, 19–21 September 2017; pp. 1–6. [Google Scholar]
- Tariq, M.; Khan, M.; Kim, D. Enhancements and challenges in CoAP. Sensors 2020, 20, 6391. [Google Scholar] [CrossRef] [PubMed]
- Thamer, A.; Aboubaker, L.; Mahdi, A. Security analysis of the constrained application protocol in the Internet of Things. In Proceedings of the Second International Conference on Future Generation Communication Technologies (FGCT 2013), London, UK, 12–14 December 2013. [Google Scholar]
- Vaccari, I.; Aiello, M.; Cambiaso, E. SlowITe, a novel denial of service attack affecting MQTT. Sensors 2020, 20, 2932. [Google Scholar] [CrossRef]
- Dinculeană, D.; Cheng, X. Vulnerabilities and limitations of MQTT protocol used between IoT devices. Appl. Sci. 2019, 9, 848. [Google Scholar] [CrossRef]
- Karagiannis, V.; Chatzimisios, P.; Vazquez-Gallego, F.; Alonso-Zarate, J. A survey on application layer protocols for the internet of things. Trans. IoT Cloud Comput. 2015, 3, 11–17. [Google Scholar]
- Santhosh Kumar, S.; Selvi, M.; Kannan, A. A comprehensive survey on machine learning-based intrusion detection systems for secure communication in the Internet of Things. Comput. Intell. Neurosci. 2023, 2023, 1–24. [Google Scholar] [CrossRef]
- Glaroudis, D.; Iossifides, A.; Chatzimisios, P. Survey, comparison, and research challenges of IoT application protocols for smart farming. Comput. Netw. 2020, 168, 107037. [Google Scholar] [CrossRef]
- Asharf, J.; Moustafa, N.; Khurshid, H.; Debie, E.; Haider, W.; Wahab, A. A review of intrusion detection systems using machine and deep learning in internet of things: Challenges, solutions and future directions. Electronics 2020, 9, 1177. [Google Scholar] [CrossRef]
- Aiash, M. AMQP Network Traffic Dataset: Normal and Malicious IoT Communications. Netw. Eng. 2025. [Google Scholar] [CrossRef]
Feature | AMQP | MQTT | CoAP |
---|---|---|---|
Primary Use Case | Enterprise-grade messaging | Lightweight communication | RESTful IoT interactions |
Transport | TCP | TCP | UDP |
Authentication | Strong (e.g., TLS, RBAC) | Limited | Limited |
Encryption | Mandatory (TLS recommended) | Optional (TLS/SSL) | Optional (DTLS) |
Key Vulnerabilities | Broker exhaustion, replay, MitM | Brute force, low-rate DoS | Amplification, eavesdropping |
Features | Abnormal Traffic |
---|---|
TCP Handshake | RST | SYN | SYN/ACK |
TCP Segment Features (Length | Seq | NxtSeq | Ack) | 0 | Randomized | 1 | Randomized |
Window Size | 512 (Attacker) | 64,240 (Target) |
Syslog Logs | TCP SYN flood detected on port 5672 |
Features | Abnormal Traffic |
---|---|
TCP Three-Way Handshake | Echo Ping Request | Echo Ping Reply |
Severity Level | Warning |
Frame Length | 60 bytes |
Syslog Messages | AMQP IP Address State Changed |
Features | Abnormal Traffic |
---|---|
TCP Three-Way Handshake | RST/ACK |
RST/ACK Packet | tcp.len=0 | seq=509 | nxtseq=509 | tcp.srcport=5672 | window.size=508 |
Syslog | Invalid credentials on port 5672 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Hashimyar, M.E.; Aiash, M.; Khoshkholghi, A.; Nalli, G. Signature-Based Security Analysis and Detection of IoT Threats in Advanced Message Queuing Protocol. Network 2025, 5, 5. https://doi.org/10.3390/network5010005
Hashimyar ME, Aiash M, Khoshkholghi A, Nalli G. Signature-Based Security Analysis and Detection of IoT Threats in Advanced Message Queuing Protocol. Network. 2025; 5(1):5. https://doi.org/10.3390/network5010005
Chicago/Turabian StyleHashimyar, Mohammad Emran, Mahdi Aiash, Ali Khoshkholghi, and Giacomo Nalli. 2025. "Signature-Based Security Analysis and Detection of IoT Threats in Advanced Message Queuing Protocol" Network 5, no. 1: 5. https://doi.org/10.3390/network5010005
APA StyleHashimyar, M. E., Aiash, M., Khoshkholghi, A., & Nalli, G. (2025). Signature-Based Security Analysis and Detection of IoT Threats in Advanced Message Queuing Protocol. Network, 5(1), 5. https://doi.org/10.3390/network5010005