A deep reinforcement learning approach for security-aware service acquisition in IoT

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Information Security and Applications Pub Date : 2024-08-09 DOI:10.1016/j.jisa.2024.103856
Marco Arazzi , Serena Nicolazzo , Antonino Nocera
{"title":"A deep reinforcement learning approach for security-aware service acquisition in IoT","authors":"Marco Arazzi ,&nbsp;Serena Nicolazzo ,&nbsp;Antonino Nocera","doi":"10.1016/j.jisa.2024.103856","DOIUrl":null,"url":null,"abstract":"<div><p>The emerging Internet of Things (IoT) landscape is characterized by a high number of heterogeneous smart devices and services often provided by third parties. Although machine-based Service Level Agreements (SLA) have been recently leveraged to establish and share policies in this scenario, system owners do not always give full transparency regarding the security and privacy of the offered features. Hence, the issue of making end users aware of the overall system security levels and the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that allows users to choose suitable levels of privacy and security requirements for service acquisition in IoT. Our approach leverages a Deep Reinforcement Learning solution in which a user agent, inside the environment, is trained to select the best encountered smart objects providing the user target services on behalf of its owner. This strategy is designed to allow the agent to learn from experience by moving in a complex, multi-dimensional environment and reacting to possible changes. During the learning phase, a key task for the agent is to adhere to deadlines while ensuring user security and privacy requirements. Finally, to assess the performance of the proposed approach, we carried out an extensive experimental campaign. The obtained results also show that our solution can be successfully deployed on very basic and simple devices typically available in an IoT setting.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"85 ","pages":"Article 103856"},"PeriodicalIF":3.8000,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001583","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The emerging Internet of Things (IoT) landscape is characterized by a high number of heterogeneous smart devices and services often provided by third parties. Although machine-based Service Level Agreements (SLA) have been recently leveraged to establish and share policies in this scenario, system owners do not always give full transparency regarding the security and privacy of the offered features. Hence, the issue of making end users aware of the overall system security levels and the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that allows users to choose suitable levels of privacy and security requirements for service acquisition in IoT. Our approach leverages a Deep Reinforcement Learning solution in which a user agent, inside the environment, is trained to select the best encountered smart objects providing the user target services on behalf of its owner. This strategy is designed to allow the agent to learn from experience by moving in a complex, multi-dimensional environment and reacting to possible changes. During the learning phase, a key task for the agent is to adhere to deadlines while ensuring user security and privacy requirements. Finally, to assess the performance of the proposed approach, we carried out an extensive experimental campaign. The obtained results also show that our solution can be successfully deployed on very basic and simple devices typically available in an IoT setting.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
物联网安全感知服务获取的深度强化学习方法
新兴物联网(IoT)的特点是存在大量异构智能设备和服务,这些设备和服务通常由第三方提供。虽然基于机器的服务水平协议(SLA)最近已被用于在这种情况下建立和共享策略,但系统所有者并不总是对所提供功能的安全性和隐私性完全透明。因此,如何让终端用户了解系统的整体安全级别,并通过提供所请求的服务来满足他们的隐私要求,仍然是一项具有挑战性的任务。为了解决这个问题,我们提出了一个完整的框架,允许用户为获取物联网服务选择合适的隐私和安全要求级别。我们的方法利用了深度强化学习解决方案,其中对环境中的用户代理进行了训练,使其能够选择遇到的最佳智能对象,代表所有者为用户提供目标服务。这一策略旨在让代理在复杂的多维环境中移动并对可能发生的变化做出反应,从而从经验中学习。在学习阶段,代理的一项关键任务是遵守最后期限,同时确保用户的安全和隐私要求。最后,为了评估所提出方法的性能,我们开展了广泛的实验活动。获得的结果还表明,我们的解决方案可以成功地部署在物联网环境中常见的非常基本和简单的设备上。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
期刊最新文献
Fed-LSAE: Thwarting poisoning attacks against federated cyber threat detection system via Autoencoder-based latent space inspection Lightweight privacy-preserving authenticated key agreements using physically unclonable functions for internet of drones BCRS-DS: A Privacy-protected data sharing scheme for IoT based on blockchain and certificateless ring signature Privacy-preserving verifiable fuzzy phrase search over cloud-based data Robust coverless video steganography based on pose estimation and object tracking
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1