A Deep Reinforcement Learning Approach for Security-Aware Service Acquisition in IoT
Marco Arazzi, Serena Nicolazzo, Antonino Nocera
TL;DR
The paper tackles the challenge of enabling end-users to control privacy and security during IoT service acquisition by introducing a deep reinforcement learning framework where a user agent learns to select service providers that satisfy SecSLA/PLA-derived security classes within operational deadlines. The approach models IoT as a graph with WSLA-defined services and a weighted security lattice, enabling a security-loss-based reward that balances operation completion with security/privacy constraints. A Deep Q-Network drives the agent’s decisions, employing Accept-Action and Decline-Action strategies, along with a contact-list mechanism to store and reuse favorable providers. Extensive experiments using NYC-based movement data demonstrate high operation completion with controlled security loss, and show that even lightweight IoT devices can perform real-time inference, supporting practical deployment in smart-city scenarios.
Abstract
The novel Internet of Things (IoT) paradigm is composed of a growing number of heterogeneous smart objects and services that are transforming architectures and applications, increasing both system complexity and the need for reliability and autonomy. In this context, both smart objects and services are often provided by third parties that do not give full transparency regarding the security and privacy of the features offered. Although machine-based Service Level Agreements (SLAs) have recently been leveraged to establish and share policies in Cloud-based scenarios, and also in the IoT context, making end users aware of the overall system security levels and of the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that defines suitable levels of privacy and security requirements in the acquisition of services in IoT, according to the user's needs. Using a Reinforcement Learning-based solution, a user agent inside the environment is trained to choose the best smart objects granting access to the target services. Moreover, the solution is designed to guarantee deadline requirements and user security and privacy needs. Finally, to evaluate the correctness and the performance of the proposed approach, we present an extensive experimental analysis.
