A Protocol-Aware P4 Pipeline for MQTT Security and Anomaly Mitigation in Edge IoT Systems

📅 2026-01-12
🤖 AI Summary
This work addresses the lack of low-latency, protocol-aware security mechanisms for MQTT in edge IoT environments, where conventional cloud-based detection and generic firewalls fail to enable fine-grained session validation and anomaly identification. The paper presents the first implementation of deep MQTT parsing and state-aware security policies within a P4-programmable data plane, establishing an edge-resident enforcement pipeline. This pipeline supports in-order session verification, byte-level topic prefix authorization, rate limiting, and lightweight anomaly detection, with the capability for dynamic policy updates. Experimental results demonstrate that under traffic loads ranging from 100 to 16 kpps, the system achieves a message delivery rate exceeding 99.6%, policy enforcement accuracy of 99.8%, a true positive rate of 98% for anomaly detection, and per-packet processing latency below 1 millisecond.

📝 Abstract
MQTT is the dominant lightweight publish-subscribe protocol for IoT deployments, yet edge security remains inadequate. Cloud-based intrusion detection systems add latency that is unsuitable for real-time control, while CPU-bound firewalls and generic SDN controllers lack MQTT awareness to enforce session validation, topic-based authorization, and behavioral anomaly detection. We propose a P4-based data-plane enforcement scheme for protocol-aware MQTT security and anomaly detection at the network edge. The design combines parser-safe MQTT header extraction with session-order validation, byte-level topic-prefix authorization with per-client rate limiting and soft-cap enforcement, and lightweight anomaly detection based on KeepAlive and Remaining Length screening with clone-to-CPU diagnostics. The scheme leverages stateful primitives in BMv2 (registers, meters, direct counters) to enable runtime policy adaptation with minimal per-packet latency. Experiments on a Mininet/BMv2 testbed demonstrate high policy enforcement accuracy (99.8%, within 95% CI), strong anomaly detection sensitivity (98% true-positive rate), and high delivery (>99.9% for 100–5 kpps; 99.8% at 10 kpps; 99.6% at 16 kpps) with sub-millisecond per-packet latency. These results show that protocol-aware MQTT filtering can be efficiently realized in the programmable data plane, providing a practical foundation for edge IoT security. Future work will validate the design on production P4 hardware and integrate machine learning-based threshold adaptation.
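
The following is an added reference model in Python, not code from the paper or its P4 pipeline. It shows three of the per-packet checks the abstract names: Remaining Length screening, session-order validation, and byte-level topic-prefix authorization. The client key, the length cap, and the prefix policy are assumptions made for illustration; rate limiting, KeepAlive screening, and clone-to-CPU are left out.

```python
# Added reference model (not the paper's P4 code). Assumes each input is one
# complete MQTT 3.1.1 control packet; policy values below are hypothetical.
CONNECT, PUBLISH = 1, 3
MAX_REMAINING_LEN = 1024                          # assumed screening cap
ALLOWED_PREFIX = {"sensor-1": b"plant/line1/"}    # hypothetical per-client policy

def decode_remaining_length(buf, off=1):
    """Decode the MQTT variable-length integer; returns (value, next_offset)."""
    value = 0
    for i in range(4):                            # the spec allows at most 4 bytes
        if off + i >= len(buf):
            raise ValueError("truncated fixed header")
        byte = buf[off + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:                       # continuation bit clear: done
            return value, off + i + 1
    raise ValueError("Remaining Length longer than 4 bytes")

def check_packet(client, pkt, connected):
    """Return 'forward' or 'drop:<reason>'; `connected` is the session-state set."""
    try:
        rem_len, off = decode_remaining_length(pkt)
    except ValueError:
        return "drop:malformed"
    if rem_len > MAX_REMAINING_LEN or rem_len != len(pkt) - off:
        return "drop:remaining-length"
    ptype = pkt[0] >> 4                           # packet type is the high nibble
    if ptype == CONNECT:
        connected.add(client)                     # session starts here
        return "forward"
    if client not in connected:                   # anything before CONNECT is out of order
        return "drop:no-session"
    if ptype == PUBLISH:
        tlen = int.from_bytes(pkt[off:off + 2], "big")
        topic = pkt[off + 2:off + 2 + tlen]
        if len(topic) != tlen:                    # topic length overruns the packet
            return "drop:malformed"
        prefix = ALLOWED_PREFIX.get(client)
        if prefix is None or not topic.startswith(prefix):
            return "drop:topic-prefix"
    return "forward"
```
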
Problem

Research questions and friction points this paper is trying to address.

MQTT security
edge IoT
anomaly detection
protocol-aware
real-time control
Innovation

Methods, ideas, or system contributions that make the work stand out.

P4
MQTT security
protocol-aware
edge IoT
anomaly detection