Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Xuecai Feng,Jikai Han,Rui Zhang,Shuo Xu,Hui Xia

DOI: https://doi.org/10.1016/j.hcc.2023.100167

2024-01-01

High-Confidence Computing

Abstract:Currently, important privacy data of the Internet of Things (IoT) face extremely high risks of leakage. Attackers persistently engage in continuous attacks on terminal devices to obtain private data of crucial importance. Although significant progress has been made in recent years in deep reinforcement learning defense strategies, most defense methods still face problems such as low defense resource allocation efficiency and insufficient defense coordination capabilities. To solve the above problems, this paper constructs a novel adversarial security scenario and proposes a security game model that integrates defense resource allocation and patrol inspection. Regarding the above game model, this paper designs a deep reinforcement learning algorithm named SDSA to calculate its security defense strategy. SDSA calculates the allocation strategy of the best patrolling strategy that is most suitable for the defender by searching the policy on a multi-dimensional discrete action space, and enables multiple defense agents to cooperate efficiently by training a multi-intelligent Dueling Double Deep Q-Network (D3QN) with prioritized experience replay. Finally, the experimental results show that the SDSA-learned security defense strategy can provide a feasible and effective security protection strategy for defenders against attacks compared to the MADDPG and OptGradFP methods.

Zhengwei Zhu,Miaojie Chen,Chenyang Zhu,Yanping Zhu

DOI: https://doi.org/10.1016/j.cose.2023.103578

IF: 5.105

2024-01-01

Computers & Security

Abstract:Network security is a critical discipline in the contemporary digital world, encompassing diverse technologies and strategies aimed at safeguarding computer systems, networks, and data resources against malicious activities. The attackers and defenders are vital components in the context of network security and defense. Attackers employ various means to steal sensitive information, compromise system functionality, and potentially lead to substantial economic and societal damages. To address these challenges, various network attack and defense scenarios were constructed within the CybORG framework in this paper. In various scenarios, attacks were carried out by different attackers. This was done to investigate the diverse strategies employed by defenders in response to network intrusions across different scenarios. Additionally, real-time assessments of the effectiveness of defensive measures were conducted. To assess the efficacy of defense strategies, we propose DDQN-Dueling-Noisy-Experience Replay (DDQN-DNER), a deep reinforcement learning algorithm that trains the defense agent to take appropriate actions to protect the network as it transitions into various states of being under attack. Built upon the Deep Q-Network (DQN) algorithm, the DDQN-DNER method incorporates noise networks, additional experience replay, and distinguishes outputs into value functions and advantage functions, enabling the proactive updating of Q-network parameters based on optimal actions. Simultaneously, Gaussian noise is incorporated into the actions undertaken by the agents. Research findings indicate that as network complexity increases, it becomes more challenging for agents to formulate effective strategies, while lower network security enhances agent capability in strategic decision-making. Compared to the DDQN algorithm, the DDQN-DNER algorithm accelerates the convergence of the model. In all scenarios, this algorithm consistently achieves the highest scores, indicating that the defensive strategies and measures generated by the blue agent are highly effective. The blue agent can promptly detect potential threats and attacks and take appropriate actions to address and mitigate these attacks, thereby ensuring network security.

Bin Ren,Yunlong Tang,Huan Wang,Yichuan Wang,Jianxiong Liu,Ge Gao,Wei Wei

DOI: https://doi.org/10.1109/jiot.2024.3368072

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Enhancing the security capability of decentralized networks has been a focus of attention in the IoT academic community. Decentralized networks face problems such as lack of security resources, complex and heterogeneous difficulties in network security management, and dependence on the level of knowledge of human experts for security defense strategies and management effects. To tackle these challenges, this study presents a multi-agents deep reinforcement learning autonomous security management approach. The research builds a finite random game network attack-defense model that captures the dynamic adversarial nature of the attack-defense process. Leveraging reinforcement learning techniques, autonomous defense agent is designed to autonomously generate and adapt defense strategies. To enhance the defense capability, a network attack agent is developed. Moreover, drawing inspiration from MINIMAX Q-learning, a synchronized interactive training mechanism is discussed to address the issue of environment instability arising from the decoupling of observation space and action space among multiple coexisting offensive and defensive agents in the same environment. Experimental simulations validate the effectiveness of the proposed method in automated attack-defense scenarios, and analyse the generalization ability in networks of different scales.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hongcheng Huang,Peixin Ye,Min Hu,Jun Wu

DOI: https://doi.org/10.1016/j.dcan.2022.04.008

IF: 6.348

2022-04-01

Digital Communications and Networks

Abstract:Nowadays, a large number of intelligent devices involved in the Industrial Internet of Things (IIoT) environment are posing unprecedented cybersecurity challenges. Due to the limited budget for security protection, the IIoT devices are vulnerable and easily compromised to launch Distributed Denial-of-Service (DDoS) attacks, resulting in disastrous results. Unfortunately, considering the particularity of the IIoT environment, most of the defense solutions in traditional networks cannot be directly applied to IIoT with acceptable security performance. Therefore, in this work, we propose a multi-point collaborative defense mechanism against DDoS attacks for IIoT. Specifically, for the single point DDoS defense, we design an edge-centric mechanism termed EdgeDefense for the detection, identification, classification, and mitigation of DDoS attacks and the generation of defense information. For the practical multi-point scenario, we propose a collaborative defense model against DDoS attacks to securely share the defense information across the network through the blockchain. Besides, a fast defense information sharing mechanism is designed to reduce the delay of defense information sharing and provide a responsive cybersecurity guarantee. The simulation results indicate that the identification and classification performance of the two machine learning models designed for EdgeDefense are better than those of the state-of-the-art baseline models, and therefore EdgeDefense can defend against DDoS attacks effectively. The results also verify that the proposed fast sharing mechanism can reduce the propagation delay of the defense information blocks effectively, thereby improving the responsiveness of the multi-point collaborative DDoS defense.

telecommunications

Qin Liu,Liqiong Chen,Hongbo Jiang,Jie Wu,Tian Wang,Tao Peng,Guojun Wang

DOI: https://doi.org/10.1016/j.adhoc.2021.102727

IF: 4.816

2022-01-01

Ad Hoc Networks

Abstract:Deep Learning shows a broad prospect in providing intelligence microservices to Industrial Internet of Things (IIoT). However, the existence of potential secure vulnerabilities limits the application of deep learning in IIoT. Therefore, how to provide secure deep learning services in IIoT applications becomes an important research topic. Among various attacks on deep neural networks (DNNs), backdoor attacks are generally recognized as the most imperceptible type, where an attacker can upload a poisoned DNN model that misbehaves only when inputs contain specific triggers. Existing defense solutions assume a defender has prior knowledge of backdoor triggers or DNN models, remaining far away from practical and flexible. To this end, this paper proposes a collaborative deep learning microservice, CoDefend, which employs strong intentional perturbation (STRIP) and cycle generative adversarial network (CycleGAN) to defend against backdoored neural networks. Compared with previous work, CoDefend has the advantages of flexibility and practicality. Empirical evaluations validate the high efficacy of CoDefend in providing secure deep learning microservices to IIoT.

Chenquan Gan,Jiabin Lin,Da-Wen Huang,Qingyi Zhu,Liang Tian,Deepak Kumar Jain

DOI: https://doi.org/10.1016/j.eswa.2023.121255

IF: 8.5

2023-09-03

Expert Systems with Applications

Abstract:This paper is dedicated to solving the problem of Advanced Persistent Threat (APT) attack and defense in the Industrial Internet of Things (IIoT). Due to the diversity of IIoT equipment and the inconsistency of protection capabilities, it is difficult for the existing uniform defense strategy and the random defense strategy to achieve ideal results. Considering that both attackers and defenders aim to achieve maximum benefits by paying the minimum cost, as well as the differences between devices, this paper proposes an equipment classification based differential game method for APT in IIoT. Firstly, all equipment is divided into two categories according to their protective capabilities. Secondly, the APT attack and defense process is mathematically described, and the corresponding differential game problem is formulated and analyzed theoretically. Finally, the theoretical results of this method are verified by various experiments, including the comparisons with the uniform defense strategy, the random defense strategy, and the latest model.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

John Mern,Kyle Hatch,Ryan Silva,Cameron Hickert,Tamim Sookoor,Mykel J. Kochenderfer

DOI: https://doi.org/10.48550/arXiv.2111.02445

2021-11-03

Cryptography and Security

Abstract:Defending computer networks from cyber attack requires timely responses to alerts and threat intelligence. Decisions about how to respond involve coordinating actions across multiple nodes based on imperfect indicators of compromise while minimizing disruptions to network operations. Currently, playbooks are used to automate portions of a response process, but often leave complex decision-making to a human analyst. In this work, we present a deep reinforcement learning approach to autonomous response and recovery in large industrial control networks. We propose an attention-based neural architecture that is flexible to the size of the network under protection. To train and evaluate the autonomous defender agent, we present an industrial control network simulation environment suitable for reinforcement learning. Experiments show that the learned agent can effectively mitigate advanced attacks that progress with few observable signals over several months before execution. The proposed deep reinforcement learning approach outperforms a fully automated playbook method in simulation, taking less disruptive actions while also defending more nodes on the network. The learned policy is also more robust to changes in attacker behavior than playbook approaches.

Rundong Yang,Kangfeng Zheng,Xiujuan Wang,Bin Wu,Chunhua Wu

DOI: https://doi.org/10.32604/csse.2023.038917

IF: 4.397

2023-01-01

Computer Systems Science and Engineering

Abstract:Social engineering attacks are considered one of the most hazardous cyberattacks in cybersecurity, as human vulnerabilities are often the weakest link in the entire network. Such vulnerabilities are becoming increasingly susceptible to network security risks. Addressing the social engineering attack defense problem has been the focus of many studies. However, two main challenges hinder its successful resolution. Firstly, the vulnerabilities in social engineering attacks are unique due to multistage attacks, leading to incorrect social engineering defense strategies. Secondly, social engineering attacks are real-time, and the defense strategy algorithms based on gaming or reinforcement learning are too complex to make rapid decisions. This paper proposes a multiattribute quantitative incentive method based on human vulnerability and an improved Q-learning (IQL) reinforcement learning method on human vulnerability attributes. The proposed algorithm aims to address the two main challenges in social engineering attack defense by using a multiattribute incentive method based on human vulnerability to determine the optimal defense strategy. Furthermore, the IQL reinforcement learning method facilitates rapid decision-making during real-time attacks. The experimental results demonstrate that the proposed algorithm outperforms the traditional Q-learning (QL) and deep Q-network (DQN) approaches in terms of time efficiency, taking 9.1% and 19.4% less time, respectively. Moreover, the proposed algorithm effectively addresses the non-uniformity of vulnerabilities in social engineering attacks and provides a reliable defense strategy based on human vulnerability attributes. This study contributes to advancing social engineering attack defense by introducing an effective and efficient method for addressing the vulnerabilities of human factors in the cybersecurity domain.

computer science, theory & methods, hardware & architecture

Xuecai Feng,Hui Xia,Shuo Xu,Lijuan Xu,Rui Zhang

DOI: https://doi.org/10.1016/j.eswa.2023.120965

IF: 8.5

2023-07-30

Expert Systems with Applications

Abstract:The lack of effective defense resource allocation strategies and reliable multi-agent collaboration mechanisms lead to the low stability of Deep Reinforcement Learning (DRL)-based security defense strategies in several Internet of Things (IoT) applications. To address the aforementioned issues and approach real-world scenarios, we construct a grid-based adversarial security scenario, propose a two-stage zero-sum security game model (including the resource allocation stage and the patrolling detection stage), and design a t wo-stage s ecurity g ame s olution algorithm based on DRL for this game model, named TSGS. In the resource allocation stage, TSGS uses auxiliary action embedding and gradient approximation approach to compute the Nash Equilibrium (NE) allocation strategy, which addresses the problem of unreasonable allocation. In the patrolling detection stage, TSGS achieves team collaboration by training a multi-agent Dueling Deep-Q Network under the centralized training and decentralized execution (CTDE) framework, which solves the cooperation problem among multiple defense agents. In addition, we design and implement a multi-parameterized attacker model to make the attacker's behaviors more realistic in the game. Finally, the validity of the TSGS is verified by detailed experimental results for several adversarial experimental scenarios. Compared with the baseline methods, the defense strategy learned by TSGS has higher utility and greater robustness. Especially, TSGS achieves efficient collaboration during the patrolling detection stage after resource allocation by making full use of real-time information and communication.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Xing Liu,Wei Yu,Fan Liang,David Griffith,Nada Golmie

DOI: https://doi.org/10.1016/j.comcom.2020.12.013

IF: 5.047

2021-02-01

Computer Communications

Abstract:<p>The Industrial Internet of Things (IIoT), also known as Industry 4.0, empowers manufacturing and production processes by leveraging automation and Internet of Things (IoT) technologies. In IIoT, the information communication technologies enabled by IoT could greatly improve the efficiency and timeliness of information exchanges between both vertical and horizontal system integrations. Likewise, machine learning algorithms, particularly Deep Reinforcement Learning (DRL), are viable for assisting in automated control of complex IIoT systems, with the support of distributed edge computing infrastructure. Despite noticeable performance improvements, the security threats brought by massive interconnections in IoT and the vulnerabilities of deep neural networks used in DRL must be thoroughly investigated and mitigated before widespread deployment. Thus, in this paper we first design a DRL-based controller that could be deployed at edge computing server to enable automated control in an IIoT context. We then investigate malicious behaviors of adversaries with two attacks: (i) function-based attacks that can be launched during training phase and (ii) performance-based attacks that can be launched after training phase, to study the security impacts of vulnerable DRL-based controllers. From the adversary's perspective, maximum entropy Inverse Reinforcement Learning (IRL) is used to approximate a reward function through observation of system trajectories under the control of trained DRL-based controllers. The approximated reward function is then used to launch attacks by the adversary against the Deep Q Network (DQN)-based controller. Via simulation, we evaluate the impacts of our two investigated attacks, finding that attacks are increasingly successful with increasing accuracy of the control model. Furthermore, we discuss some tradeoffs between control performance and security performance of DRL-based IIoT controllers, and outline several future research directions to secure machine learning use in IIoT systems.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Yunfei Song,Tian Liu,Tongquan Wei,Xiangfeng Wang,Zhe Tao,Mingsong Chen

DOI: https://doi.org/10.1109/tii.2020.3005969

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:Along with the proliferation of artificial intelligence and Internet of things (IoT) techniques, various kinds of adversarial attacks are increasingly emerging to fool deep neural networks (DNNs) used by industrial IoT (IIoT) applications. Due to biased training data or vulnerable underlying models, imperceptible modifications on inputs made by adversarial attacks may result in devastating consequences. Although existing methods are promising in defending such malicious attacks, most of them can only deal with limited existing attack types, which makes the deployment of large-scale IIoT devices a great challenge. To address this problem, in this article, we present an effective federated defense approach named FDA3 that can aggregate defense knowledge against adversarial examples from different sources. Inspired by federated learning, our proposed cloud-based architecture enables the sharing of defense capabilities against different attacks among IIoT devices. Comprehensive experimental results show that the generated DNNs by our approach can not only resist more malicious attacks than existing attack-specific adversarial training methods, but also prevent IIoT applications from new attacks.

Han Qiu,Tian Dong,Tianwei Zhang,Jialiang Lu,Gerard Memmi,Meikang Qiu

DOI: https://doi.org/10.1109/jiot.2020.3048038

IF: 10.6

2021-07-01

IEEE Internet of Things Journal

Abstract:Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Luke Borchjes,Clement Nyirenda,Louise Leenen

DOI: https://doi.org/10.48550/arXiv.2308.04909

2023-08-12

Abstract:This paper focuses on the impact of leveraging autonomous offensive approaches in Deep Reinforcement Learning (DRL) to train more robust agents by exploring the impact of applying adversarial learning to DRL for autonomous security in Software Defined Networks (SDN). Two algorithms, Double Deep Q-Networks (DDQN) and Neural Episodic Control to Deep Q-Network (NEC2DQN or N2D), are compared. NEC2DQN was proposed in 2018 and is a new member of the deep q-network (DQN) family of algorithms. The attacker has full observability of the environment and access to a causative attack that uses state manipulation in an attempt to poison the learning process. The implementation of the attack is done under a white-box setting, in which the attacker has access to the defender's model and experiences. Two games are played; in the first game, DDQN is a defender and N2D is an attacker, and in second game, the roles are reversed. The games are played twice; first, without an active causative attack and secondly, with an active causative attack. For execution, three sets of game results are recorded in which a single set consists of 10 game runs. The before and after results are then compared in order to see if there was actually an improvement or degradation. The results show that with minute parameter changes made to the algorithms, there was growth in the attacker's role, since it is able to win games. Implementation of the adversarial learning by the introduction of the causative attack showed the algorithms are still able to defend the network according to their strengths.

Cryptography and Security,Artificial Intelligence

Yunfei Song,Tian Liu,Tongquan Wei,Xiangfeng Wang,Zhe Tao,Mingsong Chen

DOI: https://doi.org/10.1109/TII.2020.3005969

2020-06-28

Abstract:Along with the proliferation of Artificial Intelligence (AI) and Internet of Things (IoT) techniques, various kinds of adversarial attacks are increasingly emerging to fool Deep Neural Networks (DNNs) used by Industrial IoT (IIoT) applications. Due to biased training data or vulnerable underlying models, imperceptible modifications on inputs made by adversarial attacks may result in devastating consequences. Although existing methods are promising in defending such malicious attacks, most of them can only deal with limited existing attack types, which makes the deployment of large-scale IIoT devices a great challenge. To address this problem, we present an effective federated defense approach named FDA3 that can aggregate defense knowledge against adversarial examples from different sources. Inspired by federated learning, our proposed cloud-based architecture enables the sharing of defense capabilities against different attacks among IIoT devices. Comprehensive experimental results show that the generated DNNs by our approach can not only resist more malicious attacks than existing attack-specific adversarial training methods, but also can prevent IIoT applications from new attacks.

Machine Learning,Cryptography and Security

Onat Gungor,Tajana Rosing,Baris Aksanli

DOI: https://doi.org/10.48550/arXiv.2301.09740

2023-01-24

Abstract:Industrial Internet of Things (I-IoT) is a collaboration of devices, sensors, and networking equipment to monitor and collect data from industrial operations. Machine learning (ML) methods use this data to make high-level decisions with minimal human intervention. Data-driven predictive maintenance (PDM) is a crucial ML-based I-IoT application to find an optimal maintenance schedule for industrial assets. The performance of these ML methods can seriously be threatened by adversarial attacks where an adversary crafts perturbed data and sends it to the ML model to deteriorate its prediction performance. The models should be able to stay robust against these attacks where robustness is measured by how much perturbation in input data affects model performance. Hence, there is a need for effective defense mechanisms that can protect these models against adversarial attacks. In this work, we propose a double defense mechanism to detect and mitigate adversarial attacks in I-IoT environments. We first detect if there is an adversarial attack on a given sample using novelty detection algorithms. Then, based on the outcome of our algorithm, marking an instance as attack or normal, we select adversarial retraining or standard training to provide a secondary defense layer. If there is an attack, adversarial retraining provides a more robust model, while we apply standard training for regular samples. Since we may not know if an attack will take place, our adaptive mechanism allows us to consider irregular changes in data. The results show that our double defense strategy is highly efficient where we can improve model robustness by up to 64.6% and 52% compared to standard and adversarial retraining, respectively.

Cryptography and Security,Machine Learning

Ahmed Mohamed Ahmed,Thanh Thi Nguyen,Mohamed Abdelrazek,Sunil Aryal

DOI: https://doi.org/10.1007/s00521-024-09668-0

2024-05-08

Neural Computing and Applications

Abstract:In today's intricate information technology landscape, the escalating complexity of computer networks is accompanied by a myriad of malicious threats seeking to compromise network components. To address these security challenges, we propose an approach that synergizes reinforcement learning and deep neural networks. Our method involves training autonomous cyber-agents to strategically attack network nodes, aiming to expose vulnerabilities and extract confidential information. We employ various off-policy deep reinforcement learning algorithms, including deep Q-network (DQN), double DQN, and dueling DQN, to train and evaluate these agents within two enterprise simulation networks provided by Microsoft. The simulations, modeled as Markov games between attack and defense, exclude human intervention. Results demonstrate that agents trained by double DQN and dueling DQN surpass baseline agents trained using traditional reinforcement learning and DQN methods. This approach not only enhances our understanding of network vulnerabilities but also lays the groundwork for future efforts to fortify computer network defense and security.

computer science, artificial intelligence

Zengwang Jin,Shuting Zhang,Yanyan Hu,Yanning Zhang,Changyin Sun

DOI: https://doi.org/10.3390/act11070192

IF: 2.6

2022-01-01

Actuators

Abstract:This paper addressed the optimal policy selection problem of attacker and sensor in cyber-physical systems (CPSs) under denial of service (DoS) attacks. Since the sensor and the attacker have opposite goals, a two-player zero-sum game is introduced to describe the game between the sensor and the attacker, and the Nash equilibrium strategies are studied to obtain the optimal actions. In order to effectively evaluate and quantify the gains, a reinforcement learning algorithm is proposed to dynamically adjust the corresponding strategies. Furthermore, security state estimation is introduced to evaluate the impact of offensive and defensive strategies on CPSs. In the algorithm, the ε-greedy policy is improved to make optimal choices based on sufficient learning, achieving a balance of exploration and exploitation. It is worth noting that the channel reliability factor is considered in order to study CPSs with multiple reasons for packet loss. The reinforcement learning algorithm is designed in two scenarios: reliable channel (that is, the reason for packet loss is only DoS attacks) and unreliable channel (the reason for packet loss is not entirely from DoS attacks). The simulation results of the two scenarios show that the proposed reinforcement learning algorithm can quickly converge to the Nash equilibrium policies of both sides, proving the availability and effectiveness of the algorithm.

Lianpeng Li,Xu Zhao,Junfang Fan,Fuchao Liu,Ning Liu,Hui Zhao

DOI: https://doi.org/10.1016/j.future.2023.11.027

2024-01-01

Abstract:The security of industrial Internet of Things (IIOT) has recently attracted significant attention. As typical IIoT systems, industrial robots are suffering from lots of threats involving control, communication, and computing, which are difficult to detect IIoT attacks accurately in real-time due to resource constraints. How to efficiently and accurately identify IoT attacks on industrial robots is challenging. To address this, we propose a trustworthy security model (TSM) with a fusion design that integrates an improved deep Q-network (IDQN) and a control model, thus accelerating the model training process by reducing the network traversal space and improving detection accuracy by establishing a prejudgment mechanism. We initially provide a detailed overview of existing methods for robot security and derive a robot control model consisting of kinematics and kinetic. Then, a 17-labeled dataset named iRobot security dataset is established to train the TSM. Moreover, we established a robot physical platform to evaluate the performance of TSM, and five cyber security indicators are employed to quantify the performance. Experimental results show that TSM detects attacks at an average rate of 98.7 % and a 0.01 s latency, which demonstrates the excellent performance in detection accuracy and detection efficiency, and provides an idea for solving these issues.

Md Morshed Alam,Israt Jahan,Weichao Wang

2024-01-16

Abstract:In trigger-action IoT platforms, IoT devices report event conditions to IoT hubs notifying their cyber states and let the hubs invoke actions in other IoT devices based on functional dependencies defined as rules in a rule engine. These functional dependencies create a chain of interactions that help automate network tasks. Adversaries exploit this chain to report fake event conditions to IoT hubs and perform remote injection attacks upon a smart environment to indirectly control targeted IoT devices. Existing defense efforts usually depend on static analysis over IoT apps to develop rule-based anomaly detection mechanisms. We also see ML-based defense mechanisms in the literature that harness physical event fingerprints to determine anomalies in an IoT network. However, these methods often demonstrate long response time and lack of adaptability when facing complicated attacks. In this paper, we propose to build a deep reinforcement learning based real-time defense system for injection attacks. We define the reward functions for defenders and implement a deep Q-network based approach to identify the optimal defense policy. Our experiments show that the proposed mechanism can effectively and accurately identify and defend against injection attacks with reasonable computation overhead.

Cryptography and Security