
Research Article
MQTT Traffic Collection and Forensic Analysis Framework
@INPROCEEDINGS{10.1007/978-3-031-36574-4_11,
  author={Raymond Chan and Wye Kaye Yan and Jung Man Ma and Kai Mun Loh and Greger Chen Zhi En and Malcolm Low and Habib Rehman and Thong Chee Phua},
  title={MQTT Traffic Collection and Forensic Analysis Framework},
  proceedings={Digital Forensics and Cyber Crime. 13th EAI International Conference, ICDF2C 2022, Boston, MA, November 16-18, 2022, Proceedings},
  proceedings_a={ICDF2C},
  year={2023},
  month={7},
  keywords={Building management system forensic analysis MQTT Internet of Things},
  doi={10.1007/978-3-031-36574-4_11}
}
- Raymond Chan
- Wye Kaye Yan
- Jung Man Ma
- Kai Mun Loh
- Greger Chen Zhi En
- Malcolm Low
- Habib Rehman
- Thong Chee Phua
Year: 2023
MQTT Traffic Collection and Forensic Analysis Framework
ICDF2C
Springer
DOI: 10.1007/978-3-031-36574-4_11
Abstract
Message Queue Telemetry Transport (MQTT) is a common protocol for communication between Internet-of-Things (IoT) devices. In recent years, IoT devices have been deployed in Operational Technology (OT) systems such as building management systems (BMS). A BMS controls the infrastructure within a building and can be considered a miniature industrial control system. As more of these devices are used to extend the functionality of such systems, the vulnerabilities they introduce pose an increased risk. Cyber-security must therefore be among the top priorities at every stage of BMS design in order to achieve operational reliability. In this paper, we propose a real-time MQTT logging and anomaly detection framework with push notifications. It can be used to collect digital evidence for forensic investigation and to monitor cyber-attacks.