A Novel Stateful Authentication Framework Approach with LLM-based IDS for MQTT Security

Message Queue Telemetry Transport (MQTT), a widely used messaging protocol in IoT applications, faces significant security challenges, particularly with denial-of-service attacks and ensuring continuous, secure communication. Traditional security measures, like TLS/SSL, often introduce CPU overhead, bandwidth issues, and require complex certificate management. This paper has two main objectives: first, to provide a comprehensive review of MQTT security, detailing how MQTT operates, the associated security vulnerabilities, and existing solutions; and second, to propose a framework called the Stateful Authentication Framework (SAF). SAF enhances MQTT security through two key components: the SAF authentication protocol and a Large Language Model (LLM)-based Intrusion Detection System (IDS). The SAF protocol uses client-state information to establish secure, stateful interactions between clients and brokers, and incorporates a multi-factor authentication mechanism to prevent replay attacks and unauthorized access. Our evaluation of SAF shows that it significantly improves MQTT security, with Scyther simulations confirming the robustness of the protocol against known generic attacks. Additionally, the LLM-based IDS that integrates SAF’s security policies provides an advanced approach for detecting intrusions. To our knowledge, this is the first integrated approach combining a state-based authentication protocol and LLM-based IDS to tackle MQTT security challenges.