The reviewed record of science sign in
Pith

arxiv: 2406.03836 · v1 · pith:ZL62NNIM · submitted 2024-06-06 · cs.CR · cs.AI

Proactive Detection of Physical Inter-rule Vulnerabilities in IoT Services Using a Deep Learning Approach

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:ZL62NNIMrecord.jsonopen to challenge →

classification cs.CR cs.AI
keywords inter-rulephysicalrulestrigger-actionapproachchannelsenvironmentvulnerabilities
0
0 comments X
read the original abstract

Emerging Internet of Things (IoT) platforms provide sophisticated capabilities to automate IoT services by enabling occupants to create trigger-action rules. Multiple trigger-action rules can physically interact with each other via shared environment channels, such as temperature, humidity, and illumination. We refer to inter-rule interactions via shared environment channels as a physical inter-rule vulnerability. Such vulnerability can be exploited by attackers to launch attacks against IoT systems. We propose a new framework to proactively discover possible physical inter-rule interactions from user requirement specifications (i.e., descriptions) using a deep learning approach. Specifically, we utilize the Transformer model to generate trigger-action rules from their associated descriptions. We discover two types of physical inter-rule vulnerabilities and determine associated environment channels using natural language processing (NLP) tools. Given the extracted trigger-action rules and associated environment channels, an approach is proposed to identify hidden physical inter-rule vulnerabilities among them. Our experiment on 27983 IFTTT style rules shows that the Transformer can successfully extract trigger-action rules from descriptions with 95.22% accuracy. We also validate the effectiveness of our approach on 60 SmartThings official IoT apps and discover 99 possible physical inter-rule vulnerabilities.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.