Proactive Detection of Physical Inter-rule Vulnerabilities in IoT Services Using a Deep Learning Approach
Bing Huang, Chen Chen, Kwok-Yan Lam, Fuqun Huang
TL;DR
This work tackles the problem of physical inter-rule vulnerabilities in IoT TAP systems by proposing a proactive, design-stage framework. It combines a Transformer-based rule extractor to convert natural-language descriptions into trigger-action rules, an NLP component (via ChatGPT-4) to identify environment channels, and a formal vulnerability detector to uncover Environment Channel Rule Chain and Environment Channel Interference scenarios among extracted rules. Experiments on 27,983 IFTTT rules yield 95.22% rule-extraction accuracy, while analysis of 60 SmartThings apps reveals 99 vulnerabilities, with 60.6% being chains. The approach demonstrates how early, automated detection can reduce the risk of unsafe or conflicting IoT configurations in smart homes and informs future risk assessment and user-preference considerations for resolving vulnerabilities.
Abstract
Emerging Internet of Things (IoT) platforms provide sophisticated capabilities to automate IoT services by enabling occupants to create trigger-action rules. Multiple trigger-action rules can physically interact with each other via shared environment channels, such as temperature, humidity, and illumination. We refer to inter-rule interactions via shared environment channels as physical inter-rule vulnerabilities. Such vulnerabilities can be exploited by attackers to launch attacks against IoT systems. We propose a new framework to proactively discover possible physical inter-rule interactions from user requirement specifications (i.e., descriptions) using a deep learning approach. Specifically, we utilize the Transformer model to generate trigger-action rules from their associated descriptions. We discover two types of physical inter-rule vulnerabilities and determine the associated environment channels using natural language processing (NLP) tools. Given the extracted trigger-action rules and associated environment channels, we propose an approach to identify hidden physical inter-rule vulnerabilities among them. Our experiment on 27983 IFTTT-style rules shows that the Transformer can successfully extract trigger-action rules from descriptions with 95.22% accuracy. We also validate the effectiveness of our approach on 60 SmartThings official IoT apps and discover 99 possible physical inter-rule vulnerabilities.
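To make the final detection step concrete, the following added example (not code from the paper) audits a small constructed rule set for the two vulnerability types. It assumes simplified definitions that the abstract does not spell out: a chain exists when one rule's action pushes an environment channel in the direction another rule's trigger senses, and interference exists when two rules' actions push the same channel in opposite directions. The rule names and channel effects are hypothetical.

```python
from dataclasses import dataclass
from itertools import combinations, permutations
from typing import Optional

Effect = tuple[str, str]  # (environment channel, "+" raises it / "-" lowers it)

@dataclass(frozen=True)
class Rule:
    name: str
    trigger: Optional[Effect]    # channel condition sensed; None if not physical
    effects: tuple[Effect, ...]  # physical side effects of the action

# Constructed sample rules, standing in for the rule extractor's output
# already annotated with environment channels.
RULES = [
    Rule("heater_on_motion", None, (("temperature", "+"),)),
    Rule("open_window_when_hot", ("temperature", "+"), (("temperature", "-"),)),
    Rule("humidifier_when_dry", ("humidity", "-"), (("humidity", "+"),)),
    Rule("ac_on_leave", None, (("temperature", "-"), ("humidity", "-"))),
]

def find_chains(rules):
    """Assumed chain definition: rule a's action can physically fire rule b."""
    return [(a.name, b.name, b.trigger[0])
            for a, b in permutations(rules, 2)
            if b.trigger is not None and b.trigger in a.effects]

def find_interference(rules):
    """Assumed interference definition: opposite effects on one channel."""
    found = []
    for a, b in combinations(rules, 2):
        for channel, direction in a.effects:
            opposite = (channel, "-" if direction == "+" else "+")
            if opposite in b.effects:
                found.append((a.name, b.name, channel))
    return found

if __name__ == "__main__":
    for src, dst, ch in find_chains(RULES):
        print(f"chain via {ch}: {src} -> {dst}")
    for a, b, ch in find_interference(RULES):
        print(f"interference on {ch}: {a} <-> {b}")
```

Running such a check when rules are written, before they are deployed, is what surfaces the heater-opens-the-window chain: a rule with no physical trigger of its own ends up driving a second rule's action.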
