Automatic IoT permission assignment with transformer models under spatiotemporal constraints
Chao Fu, Guohua Shen, Zhiqiu Huang, Jian Xie, Jiazhou Fu
Journal of Information Security and Applications, volume 93, Article 104099. Published 2025-06-16. Impact factor 3.8 (JCR Q2, Computer Science, Information Systems).
DOI: 10.1016/j.jisa.2025.104099
https://www.sciencedirect.com/science/article/pii/S221421262500136X
Citations: 0
Abstract
Permission assignment in IoT environments faces significant challenges due to dynamic spatiotemporal constraints and the limitations of traditional static access control models. This paper introduces Transformer-Based Permission Assignment (TBPA), a novel framework integrating Long Short-Term Memory (LSTM) networks and Transformer architectures to automate permission assignment under spatiotemporal dynamics. TBPA uses LSTM to predict attribute trends, embeds attributes into the feature space through the Feature Tokenizer module, and uses the Transformer’s multi-head attention mechanism to capture the complex relationships between attributes and permissions, enabling the dynamic assignment of permissions based on changing subject and environment attributes. To mitigate data imbalance, TBPA employs the Synthetic Minority Over-sampling Technique and Tomek Links, enhancing prediction accuracy for critical “deny” decisions. Experiments on real-world and synthetic datasets demonstrate TBPA’s superiority, with a 1.5% improvement in F1 score over other methods. The robustness of the framework is validated across different IoT scenarios, including imbalanced datasets and dynamic spatiotemporal constraints. By automating permission assignment without manual intervention, TBPA bridges the gap between policy mining and real-time enforcement, offering a scalable solution for secure, context-aware IoT access control.
About the journal:
Journal of Information Security and Applications (JISA) focuses on original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.