A Protocol-Aware P4 Pipeline for MQTT Security and Anomaly Mitigation in Edge IoT Systems
- URL: http://arxiv.org/abs/2601.07536v1
- Date: Mon, 12 Jan 2026 13:38:59 GMT
- Title: A Protocol-Aware P4 Pipeline for MQTT Security and Anomaly Mitigation in Edge IoT Systems
- Authors: Bui Ngoc Thanh Binh, Pham Hoai Luan, Le Vu Trung Duong, Vu Tuan Hai, Yasuhiko Nakashima
- Abstract summary: Cloud-based intrusion detection systems add latency that is unsuitable for real-time control. We propose a data-plane enforcement scheme for protocol-aware security and anomaly detection at the network edge. Experiments on a Mininet/BMv2 testbed demonstrate high policy enforcement accuracy (99.8%, within 95% CI), strong anomaly detection sensitivity (98% true-positive rate), and high delivery >99.9% for 100-second-5kpps.
- Score: 0.8481798330936976
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: MQTT is the dominant lightweight publish-subscribe protocol for IoT deployments, yet edge security remains inadequate. Cloud-based intrusion detection systems add latency that is unsuitable for real-time control, while CPU-bound firewalls and generic SDN controllers lack MQTT awareness to enforce session validation, topic-based authorization, and behavioral anomaly detection. We propose a P4-based data-plane enforcement scheme for protocol-aware MQTT security and anomaly detection at the network edge. The design combines parser-safe MQTT header extraction with session-order validation, byte-level topic-prefix authorization with per-client rate limiting and soft-cap enforcement, and lightweight anomaly detection based on KeepAlive and Remaining Length screening with clone-to-CPU diagnostics. The scheme leverages stateful primitives in BMv2 (registers, meters, direct counters) to enable runtime policy adaptation with minimal per-packet latency. Experiments on a Mininet/BMv2 testbed demonstrate high policy enforcement accuracy (99.8%, within 95% CI), strong anomaly detection sensitivity (98% true-positive rate), and high delivery (>99.9% for 100-5 kpps; 99.8% at 10 kpps; 99.6% at 16 kpps) with sub-millisecond per-packet latency. These results show that protocol-aware MQTT filtering can be efficiently realized in the programmable data plane, providing a practical foundation for edge IoT security. Future work will validate the design on production P4 hardware and integrate machine learning-based threshold adaptation.
Related papers
- A Lightweight Defense Mechanism against Next Generation of Phishing Emails using Distilled Attention-Augmented BiLSTM [34.0814379994364]
The MobileBERT teacher receives fine-tuning before its transformation into a BiLSTM model with multi-head attention. The system demonstrates excellent performance in terms of accuracy and latency while maintaining a compact size. The paper examines system performance under high traffic conditions and security measures for privacy protection and implementation methods for operational deployment.
arXiv Detail & Related papers (2026-02-24T20:06:45Z)
- Breaking the Protocol: Security Analysis of the Model Context Protocol Specification and Prompt Injection Vulnerabilities in Tool-Integrated LLM Agents [0.0]
The Model Context Protocol (MCP) has emerged as a de facto standard for integrating Large Language Models with external tools. We present the first rigorous security analysis of MCP's architectural design, identifying three fundamental protocol-level vulnerabilities. Our findings establish that MCP's security weaknesses are architectural rather than implementation-specific, requiring protocol-level remediation.
arXiv Detail & Related papers (2026-01-24T18:40:17Z)
- LiQSS: Post-Transformer Linear Quantum-Inspired State-Space Tensor Networks for Real-Time 6G [85.58816960936069]
Proactive and agentic control in Sixth-Generation (6G) Open Radio Access Networks (O-RAN) requires control-grade prediction under stringent Near-Time (Near-RT) latency and computational constraints. This paper investigates a post-Transformer paradigm for efficient radio telemetry forecasting. We propose a quantum-inspired state-space tensor network that replaces self-attention with stable structured state-space dynamics kernels.
arXiv Detail & Related papers (2026-01-18T12:08:38Z)
- IMS: Intelligent Hardware Monitoring System for Secure SoCs [0.0]
This paper presents an intelligent hardware monitoring system (IMS) for real-time detection of AXI protocol violations. For model training, we perform DoS attacks through header-field manipulation and systematic malicious operations. We then deploy a quantization-optimized neural network, achieving 98.7% detection accuracy with =3% latency overhead.
arXiv Detail & Related papers (2026-01-16T17:10:17Z)
- LUT-Compiled Kolmogorov-Arnold Networks for Lightweight DoS Detection on IoT Edge Devices [20.271194684947282]
Kolmogorov-Arnold Networks (KANs) offer a compact alternative to Multi-Layer Perceptrons (MLPs). B-spline evaluation introduces significant computational overhead unsuitable for latency-critical IoT applications. We propose a lookup table (LUT) compilation pipeline that replaces expensive spline computations with precomputed quantized tables.
arXiv Detail & Related papers (2026-01-12T22:32:18Z)
- AegisMCP: Online Graph Intrusion Detection for Tool-Augmented LLMs on Edge Devices [5.081228499547384]
We introduce AegisMCP, a protocol-level intrusion detector. AegisMCP achieves sub-second per-window model inference and end-to-end alerting.
arXiv Detail & Related papers (2025-10-22T10:50:22Z)
- A multi-layered embedded intrusion detection framework for programmable logic controllers [0.0]
This research presents an embedded intrusion detection system that runs inside the controller and uses header-level telemetry to detect and respond to network attacks. The proposed architecture provides a multi-layer embedded security that meets the real-time requirements of an industrial system.
arXiv Detail & Related papers (2025-10-08T16:12:02Z)
- CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations. It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature. We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z)
- CryptoFormalEval: Integrating LLMs and Formal Verification for Automated Cryptographic Protocol Vulnerability Detection [41.94295877935867]
We introduce a benchmark to assess the ability of Large Language Models to autonomously identify vulnerabilities in new cryptographic protocols.
We created a dataset of novel, flawed, communication protocols and designed a method to automatically verify the vulnerabilities found by the AI agents.
arXiv Detail & Related papers (2024-11-20T14:16:55Z)
- Device-Independent Quantum Key Distribution Based on Routed Bell Tests [0.0]
In some protocols, photons from the source are routed by an actively controlled switch to a nearby test device instead of the distant one. We show how to analyze the security of these protocols and compute lower bounds on the key rates. For high-quality short-path tests, we find that routed DIQKD protocols are significantly more robust to losses.
arXiv Detail & Related papers (2024-04-01T15:59:09Z)
- PTPsec: Securing the Precision Time Protocol Against Time Delay Attacks Using Cyclic Path Asymmetry Analysis [1.765099515298011]
Precision Time Protocol (PTP) can accomplish high-precision time synchronization in trusted environments.
Time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected.
This work proposes an approach to detect and counteract delay attacks against PTP based on cyclic path asymmetry measurements.
arXiv Detail & Related papers (2024-01-19T12:35:00Z)
- Introducing a Deep Neural Network-based Model Predictive Control Framework for Rapid Controller Implementation [41.38091115195305]
This work presents the experimental implementation of a deep neural network (DNN) based nonlinear MPC for Homogeneous Charge Compression Ignition (HCCI) combustion control.
Using the acados software package to enable the real-time implementation of the MPC on an ARM Cortex A72, the optimization calculations are completed within 1.4 ms.
The IMEP trajectory following of the developed controller was excellent, with a root-mean-square error of 0.133 bar, in addition to observing process constraints.
arXiv Detail & Related papers (2023-10-12T15:03:50Z)
- Robust and efficient verification of graph states in blind measurement-based quantum computation [52.70359447203418]
Blind quantum computation (BQC) is a secure quantum computation method that protects the privacy of clients.
It is crucial to verify whether the resource graph states are accurately prepared in the adversarial scenario.
Here, we propose a robust and efficient protocol for verifying arbitrary graph states with any prime local dimension.
arXiv Detail & Related papers (2023-05-18T06:24:45Z)
- Data post-processing for the one-way heterodyne protocol under composable finite-size security [62.997667081978825]
We study the performance of a practical continuous-variable (CV) quantum key distribution protocol.
We focus on the Gaussian-modulated coherent-state protocol with heterodyne detection in a high signal-to-noise ratio regime.
This allows us to study the performance for practical implementations of the protocol and optimize the parameters connected to the steps above.
arXiv Detail & Related papers (2022-05-20T12:37:09Z)
- Near-chip Dynamic Vision Filtering for Low-Bandwidth Pedestrian Detection [99.94079901071163]
This paper presents a novel end-to-end system for pedestrian detection using Dynamic Vision Sensors (DVSs)
We target applications where multiple sensors transmit data to a local processing unit, which executes a detection algorithm.
Our detector is able to perform a detection every 450 ms, with an overall testing F1 score of 83%.
arXiv Detail & Related papers (2020-04-03T17:36:26Z)
- Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)
This list is automatically generated from the titles and abstracts of the papers in this site.