Mitigation of Covert Communications in MQTT Topics Through Small Language Models
Polisiani, Camilla Cespi; Calzarossa, Maria Carla; Caviglione, Luca
2024-01-01
Abstract
Modern IoT ecosystems face many security issues. An aspect often neglected concerns covert channels, which allow for exfiltrating data or preventing detection. To this aim, the Message Queuing Telemetry Transport (MQTT) protocol can be abused to create various hidden communication paths, mainly due to its textual nature. Alas, simpler detection metrics could be ineffective and their optimization requires a vast number of test cases. Therefore, this paper proposes to use a small language model trained over real MQTT topics to automatically generate the required test cases. Results indicate the need for optimizations to make popular detection metrics usable 'in the wild'.