In the last decade, much effort has been focused on enhancing Cyber- Physical System (CPS). This trend ultimately lead to the vision of the Internet of Things (IoT). The IoT can be seen as a future Internet that consists of a global dynamic network of self configuring devices to merge the physical and virtual world. This vision is expected to provide many advantages for consumers and companies alike. However, as for all new technology adaptions, further research work and real-world application knowledge is needed. One of the mayor challenges is securing IoT ap- plications against malicious activities. Connecting physical assets to the Internet exposes them to many kind of threats which they have not been expose to before. Therefore, mechanical engineers designing such systems still lack the knowledge to develop appropriate measures to protect CPSs against cyber attacks. To maintain safety and security in working environ- ments and public spaces dedicated tools need to be developed to address the newly emerged challenges. Intrusion Detection Systems (IDSs) are one possibility to improve network security since they collect data from network traffic, analyse them and set appropriate counter measures if an intrusion is detected. Even though these system have been design in numerous variations the newly faced heterogeneity of devices in the newly envisioned Internet provides several new challenges which need to be solved. To contribute to the security and safety of future IoT environments, this thesis proposes a graph-based IDS to model domain knowledge and efficiently detect slow DoS attacks exploiting the commonly used MQTT protocol.
