IoTHaven: An Online Defense System to Mitigate Remote Injection Attacks in Trigger-action IoT Platforms

• Published in: Proceedings of the ... IEEE Workshop on Local and Metropolitan Area Networks pp. 15 - 20
• Main Authors: Alam, Md Morshed, Mohaimenur Rahman, A B M, Wang, Weichao
• Format: Conference Proceeding
• Language: English
• Published: IEEE 10.07.2024
• Subjects: Computational modeling; Deep Reinforcement Learning; Internet of Things; POMDP; Remote Injection Attack; Runtime; Smart homes; System performance; Training; Transfer learning; Trigger-action loT Platform; Uncertainty
• ISSN: 1944-0375
• DOI: 10.1109/LANMAN61958.2024.10621894

Trigger-action Internet of Things (loT) platforms allow loT devices to create a chain of interactions to automate network tasks by leveraging functional dependencies between loT event conditions and actions. When network devices notify their cyber states to the loT hub by reporting event conditions, the hub utilizes this chain to invoke actions in corresponding loT devices dictated by user-defined rules. Adversaries exploit this scenario to implement remote injection attacks by maliciously reporting fake event conditions to force the hub to command target loT devices to perform invalid actions violating rule integrity. Security mechanisms in the existing literature either require complete visibility over network events to provide an effective defense against dynamic injection attacks or do not offer real-time security. In this paper, we propose Io'I'Haven, an online defense system that counters remote injection attacks at runtime. Even with partial visibility over network states, our system can discern an optimal defense policy, maximizing the overall security gain. We train an LSTM-based function approximator to determine the optimal defense action at each timestep. Experimental results show that IotHaven effectively counters attack progression at runtime with minimal computation overhead.