A deep reinforcement learning approach for security-aware service acquisition in IoT

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2024-08-09 DOI:10.1016/j.jisa.2024.103856

{"title":"A deep reinforcement learning approach for security-aware service acquisition in IoT","authors":"","doi":"10.1016/j.jisa.2024.103856","DOIUrl":null,"url":null,"abstract":"<div><p>The emerging Internet of Things (IoT) landscape is characterized by a high number of heterogeneous smart devices and services often provided by third parties. Although machine-based Service Level Agreements (SLA) have been recently leveraged to establish and share policies in this scenario, system owners do not always give full transparency regarding the security and privacy of the offered features. Hence, the issue of making end users aware of the overall system security levels and the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that allows users to choose suitable levels of privacy and security requirements for service acquisition in IoT. Our approach leverages a Deep Reinforcement Learning solution in which a user agent, inside the environment, is trained to select the best encountered smart objects providing the user target services on behalf of its owner. This strategy is designed to allow the agent to learn from experience by moving in a complex, multi-dimensional environment and reacting to possible changes. During the learning phase, a key task for the agent is to adhere to deadlines while ensuring user security and privacy requirements. Finally, to assess the performance of the proposed approach, we carried out an extensive experimental campaign. The obtained results also show that our solution can be successfully deployed on very basic and simple devices typically available in an IoT setting.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8000,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001583","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The emerging Internet of Things (IoT) landscape is characterized by a high number of heterogeneous smart devices and services often provided by third parties. Although machine-based Service Level Agreements (SLA) have been recently leveraged to establish and share policies in this scenario, system owners do not always give full transparency regarding the security and privacy of the offered features. Hence, the issue of making end users aware of the overall system security levels and the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that allows users to choose suitable levels of privacy and security requirements for service acquisition in IoT. Our approach leverages a Deep Reinforcement Learning solution in which a user agent, inside the environment, is trained to select the best encountered smart objects providing the user target services on behalf of its owner. This strategy is designed to allow the agent to learn from experience by moving in a complex, multi-dimensional environment and reacting to possible changes. During the learning phase, a key task for the agent is to adhere to deadlines while ensuring user security and privacy requirements. Finally, to assess the performance of the proposed approach, we carried out an extensive experimental campaign. The obtained results also show that our solution can be successfully deployed on very basic and simple devices typically available in an IoT setting.

查看原文本刊更多论文

物联网安全感知服务获取的深度强化学习方法

新兴物联网（IoT）的特点是存在大量异构智能设备和服务，这些设备和服务通常由第三方提供。虽然基于机器的服务水平协议（SLA）最近已被用于在这种情况下建立和共享策略，但系统所有者并不总是对所提供功能的安全性和隐私性完全透明。因此，如何让终端用户了解系统的整体安全级别，并通过提供所请求的服务来满足他们的隐私要求，仍然是一项具有挑战性的任务。为了解决这个问题，我们提出了一个完整的框架，允许用户为获取物联网服务选择合适的隐私和安全要求级别。我们的方法利用了深度强化学习解决方案，其中对环境中的用户代理进行了训练，使其能够选择遇到的最佳智能对象，代表所有者为用户提供目标服务。这一策略旨在让代理在复杂的多维环境中移动并对可能发生的变化做出反应，从而从经验中学习。在学习阶段，代理的一项关键任务是遵守最后期限，同时确保用户的安全和隐私要求。最后，为了评估所提出方法的性能，我们开展了广泛的实验活动。获得的结果还表明，我们的解决方案可以成功地部署在物联网环境中常见的非常基本和简单的设备上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.