Real-Time Detection and Classification of Cyberattacks in MQTT-Based IoT Networks Using Machine Learning and Neural Networks


Karacayılmaz G., Gönen S., Üstünsoy F., Yıldız S., Sayan H. H., Yılmaz E. N., ...

IMSS'25 13th International Symposium on Intelligent Manufacturing and Service Systems, Düzce, Türkiye, 25 - 27 September 2025, pp.260-269, (Full Text Paper)

  • Publication Type: Conference Paper / Full Text Paper
  • DOI Number: 10.5281/zenodo.17530765
  • City of Publication: Düzce
  • Country of Publication: Türkiye
  • Page Numbers: pp.260-269
  • Affiliated with İstanbul Gelişim Üniversitesi: Yes

Abstract

The Message Queuing Telemetry Transport (MQTT) protocol, widely used in Internet of Things (IoT) environments due to its lightweight and efficient architecture, introduces notable security vulnerabilities that make systems prone to cyberattacks. This study focuses on detecting and classifying cyberattacks conducted in a real MQTT-based IoT test environment. The implemented attacks include address resolution protocol (ARP) poisoning as well as various traffic-based attacks targeting MQTT Publish operations, and devices such as ThingSpeak and Wipro Bulb. Data collected from these attacks were processed through data preprocessing, labeling, and training phases, and analyzed using machine learning and artificial neural network models. Classifiers such as Decision Tree, k-Nearest Neighbors (k-NN), Naive Bayes, Support Vector Machines (SVM), Random Forest, and Multilayer Perceptron (MLP) were employed and evaluated based on accuracy, precision, recall, and F1-score. The Decision Tree model, in particular, demonstrated high accuracy, scalability, and low classification latency, making it highly effective in distinguishing complex attack types. The dataset, created under controlled real-world attack scenarios, provides a more realistic alternative to synthetic datasets commonly found in the literature. The inclusion of multi-protocol traffic and interactions from diverse devices allowed for robust testing of model generalization. Furthermore, the ability to analyze third-party IoT platforms and smart devices operating with MQTT traffic showed the model's potential for device-independent detection. This study not only delivers insights specific to MQTT security but also contributes more broadly to IoT protocol security, offering practical implications for the protection of critical infrastructures such as smart homes, smart factories, and smart cities.
