RESTRAIN: Reinforcement Learning-Based Secure Framework for Trigger-Action IoT Environment
Md Morshed Alam, Lokesh Chandra Das, Sandip Roy, Sachin Shetty, Weichao Wang
TL;DR
RESTRAIN targets the problem of remote injection attacks in trigger-action IoT environments by employing a multi-agent reinforcement learning framework that trains a defense agent to profile and counter attacker actions in real time. It formulates both attack and defense strategies as DRQN-based policies within an OpenAI Gym-structured IoT environment and introduces novel reward structures that encourage prudent reconnaissance and proactive blocking. The study demonstrates that RESTRAIN can effectively defend against dynamic attacks with convergence in learned policies and low computational overhead, suggesting practical viability for real-world deployments. The approach advances online, platform-agnostic IoT security by incorporating opponent modeling and policy-compliance checks to maintain network functionality while mitigating attacks.
Abstract
Internet of Things (IoT) platforms with trigger-action capability allow event conditions to trigger actions in IoT devices autonomously by creating a chain of interactions. Adversaries exploit this chain of interactions to maliciously inject fake event conditions into IoT hubs, triggering unauthorized actions on target IoT devices to implement remote injection attacks. Existing defense mechanisms focus mainly on verifying event transactions using physical event fingerprints in order to enforce security policies that block unsafe event transactions. These approaches are designed to provide offline defense against injection attacks. The state-of-the-art online defense mechanisms offer real-time defense, but their extensive reliance on inferring the impact of attacks on the IoT network limits the generalization capability of these approaches. In this paper, we propose a platform-independent multi-agent online defense system, namely RESTRAIN, to counter remote injection attacks at runtime. RESTRAIN allows the defense agent to profile attack actions at runtime and leverages reinforcement learning to optimize a defense policy that complies with the security requirements of the IoT network. The experimental results show that the defense agent effectively takes real-time defense actions against complex and dynamic remote injection attacks and maximizes the security gain with minimal computational overhead.
